1) Incremental Authorization - let Android apps ask for permissions only as they...

click170 · on Dec 17, 2014

Take it a step further, I should be able to forge the contacts in my address book, my GPS coordinates, the list of installed apps.. The list goes on.

But I would happily start with incremental permissions. Baby steps.

9mit3t2m9h9a · on Dec 17, 2014

As far as I understand, there is an option that is even simpler for application developers: all applications have the permissions to see and alter whatever they want on the phone, up to a storage quota for modifications. Most of their accesses are hellbanned, though… Hellbanning logic can be altered by applications (obviously, the user would have to allow the configuration application to access the real settings), so granularity can be added as a bolt-on.

But I guess giving users actual security and privacy is against both Google's and Apple's interest, so this can only exist on a custom ROM without Google Play Services (or with sandboxed Google Play Services, which is probably against EULA).

habosa · on Dec 17, 2014

Well with incremental the developer would put what is 'required' into the manifest for install-time prompt and incremental the rest.

You can't expect a developer to allow you to deny any permission, the whole app would be a giant if-statement spaghetti accounting for all of the permission combinations and workarounds.

Aldo_MX · on Dec 17, 2014

As a user, I don't care if your app will self-destruct if you don't get access to permissions like "read and send SMSs". I simply don't want a free to play game to scan my SMSs for advertisement purposes.

titanomachy · on Dec 17, 2014

Even if you failed to guarantee a functional app for people who deny permissions, it would still be an improvement over the current status quo.

desas · on Dec 17, 2014

Developers manage it for iOS, why can't they do it for android?