Android OS Redesigned

Imagine the following scenario: you are looking for an application (app) on the Google Store, but the application that you found does 3 or 4 other things that you are not really interested in. Perhaps it is a photo editor that also syncs with Dropbox, has an online gallery, etc. All you want is local photo editing. Today, there is nothing you can do unless the app uses Android 6.0 run-time permissions, but if you had more fine-grained permission control, you could deny or just limit extraneous permissions such as web access.

I previously wrote about a solution to many of the problems associated with the Android operating system.  For the rest of this article, I will pretend that the Android community has adopted these design ideas.

A trustworthy OS would give the user full control over each app's ability to run in the background, upload and download data over various connections (mobile, public network, private "home" network), etc.  Before installation, the user would be prompted (as usual) but for each permission there would be a drop-down list of choices - allow full access, prompt every time, deny access, limited access, custom access, or simulated access.

Let us examine the permission "access your contacts".  If the app only needs to confirm your identity, give it "limited access - just me", or a custom list of your work and home contact entries.  If this app had a social media aspect, you could still use it with confidence knowing that they would not be stealing your entire contact list and sending it to their servers.

If this were well implemented, it would not eliminate rogue apps, but it would allow the user to de-fang an app by preventing both access and communication. Even if the app tunneled some information out, it could be simulated data.
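The per-permission choices above, applied to "access your contacts", as an added sketch that is not Android code or any real API. `ContactsBroker`, `Grant`, `Mode` and the sample contacts are all hypothetical names and constructed data; the point is that the app receives the same kind of result whether the data is full, filtered or simulated.

```python
from dataclasses import dataclass
from enum import Enum, auto

class Mode(Enum):
    ALLOW = auto()      # allow full access
    PROMPT = auto()     # prompt every time
    DENY = auto()       # deny access
    LIMITED = auto()    # limited access: "just me"
    CUSTOM = auto()     # custom access: entries the user picked
    SIMULATED = auto()  # simulated access: fabricated entries

@dataclass(frozen=True)
class Contact:
    name: str
    phone: str
    is_owner: bool = False

@dataclass(frozen=True)
class Grant:
    mode: Mode
    custom_names: frozenset = frozenset()

# Constructed sample data for the example.
CONTACTS = [
    Contact("Me", "555-0101", is_owner=True),
    Contact("Work Desk", "555-0102"),
    Contact("Alice", "555-0103"),
]
DECOYS = [Contact("Sample Person", "555-0199")]

class ContactsBroker:
    """Hypothetical OS-side mediator: apps never read the contact store directly."""

    def __init__(self, contacts, grants, ask_user):
        self.contacts, self.grants, self.ask_user = contacts, grants, ask_user

    def query(self, app_id):
        # An app with no recorded choice gets nothing (default deny).
        grant = self.grants.get(app_id, Grant(Mode.DENY))
        mode = grant.mode
        if mode is Mode.PROMPT:  # resolve the prompt to a one-off allow or deny
            mode = Mode.ALLOW if self.ask_user(app_id) else Mode.DENY
        if mode is Mode.ALLOW:
            return list(self.contacts)
        if mode is Mode.LIMITED:
            return [c for c in self.contacts if c.is_owner]
        if mode is Mode.CUSTOM:
            return [c for c in self.contacts if c.name in grant.custom_names]
        if mode is Mode.SIMULATED:
            return list(DECOYS)  # same shape as real data, none of the content
        raise PermissionError(f"{app_id}: contacts access denied")
```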

What does this mean to users? No more ring-tone apps that steal every file, call history, and contacts.  
The next obvious step would be for some trusted authority to provide a list of recommended permissions to grant an app.

This would require Ad-ware apps to redesign themselves to use an official "Advertisement" channel so they could still remain profitable.  Google would be responsible for shutting down abuses like using the advertisement channel to steal data.
