Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Could you elaborate how it's a privacy concern? I have to get pretty darn creative to come up with any scenarios.


What makes a privacy concern legitimate, to your mind? It's giving data about a person to a group that otherwise would not have had access to it. It seems first order a privacy concern.

There's also some possibility it could be turned into more sensitive data - if my app tends to be recommended around social circles, and I see two people were on the phone over the same period of time, it's likely they were talking.


And if a service can reach out to the Internet, it knows my IP can tell where I am. And if it suddenly cuts out after being on a known IP, then maybe I'm going through a local tunnel.

That's what I meant by you have to get really creative to think how this could possibly be impacting. If you have a sandbox, you have to choose which permissions you're going to ask for carefully, to avoid overloading users.

Android made a bad decision by making phone apps needing permission to know if the phone is active, then compounded that by tying it into device ID and who you're calling.


"The privacy concerns are not significant enough to merit demanding permissions" is certainly a defensible position; I'm not sure whether I agree with it, but it's not crazy.

That is distinct, though, from "there is no privacy concern."




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: