- Permissions are all or nothing - the user either grants access to all the permissions at installation time, or he can't install the app.
- Permissions are too coarse, such that if an app needs access to one particular function/ability (let's call them "sub-permissions" for simplicity), it will usually need to ask for a load of other sub-permissions that it doesn't actually need. On its own this wouldn't have been too bad, but...
- Permissions often contain several sub-permissions that aren't related to each other in a useful way, at least from the user's perspective, when he is worried about privacy (or possibly security). E.g. to tell whether the user is making/receiving a call or not (so it can pause itself), an app also gains access to who the user is calling, the caller's own phone number, and other personal information.
I would like to see developers being able to mark some permissions as optional, so that savvy users could choose to disable them if they wanted. For example, say that My Backup's internet permission was marked as optional - then if I didn't want to use the cloud (nor risk the NSA remote-controlling it) I could simply disable internet access.
Or, instead of marking them as optional, the developer could mark some permissions as "ask first", such that they default to disabled but upon first use the user would be automatically asked if they allow the app access to that permission. This has the benefit that the user will understand WHY a permission is needed, and so they can make a more informed decision about whether to allow it.
Or Google could try to please everyone, by effectively implementing both options... but keep it simple for users, by having "optional" permissions default to behaving like "ask first". That way users would not have this important security option hidden from them, but savvy users could change it if they want. You could view this "optional" behaviour as "don't ask me about permission choices".
As far as fixing coarse permissions (esp. when grouping unrelated sub-permissions), it might be too much to ask that Google totally revamp Android's permissions, but there are a few obviously bad mistakes that they ought to fix:
- Checking whether the user is making/receiving a call should not require access to tons of other personal info. Thus music players & games & other apps could pause for calls, without getting access to lots of unnecessary stuff.
- Being able to store data on the SD card should NOT require giving an app access to the whole SD card. It would be far better if every app had a pre-defined (but maybe user configurable) folder, and could only be given permission to write to that folder.
- But once you've created an app-specific folder for writing, why not limit read access to that folder too? Then you don't need to give an app read access to the whole SD card either. Given that private data may be stored on the SD card, this seems like a big security win.
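As an added illustration of the app-specific-folder idea from the last two points (example code written for this page, not part of the original post and not Android's own implementation): a small reference-monitor model in which each app is granted read and/or write access only inside its own folder under the shared storage root. The storage root `/sdcard`, the folder layout `Android/data/<app id>`, the app id `com.example.backup` and the class and method names are all assumptions chosen for the example. The interesting part is the path check: an app-supplied path is canonicalised before comparison, so `..` segments and sibling folders with a shared prefix cannot escape the granted folder.

```python
import posixpath

# Constructed example: a per-app storage sandbox modelling "each app gets
# its own folder on the SD card, and only that folder". Names and layout
# are assumptions for illustration, not Android's real storage model.


def _is_within(path, base):
    """True if canonical 'path' is 'base' itself or lies below it.

    The trailing '/' matters: without it, '/x/app' would wrongly match
    '/x/app-evil/file'.
    """
    base = base.rstrip("/")
    return path == base or path.startswith(base + "/")


class AppStorageSandbox:
    """Grants an app read/write access only inside its own folder."""

    def __init__(self, storage_root, app_id, app_folder=None,
                 allow_read=True, allow_write=True):
        self.storage_root = posixpath.normpath(storage_root)
        # Default folder derived from the app id; a user-configured folder
        # may be substituted, but it must itself lie inside the storage root.
        default = posixpath.join(self.storage_root, "Android", "data", app_id)
        self.app_folder = posixpath.normpath(app_folder or default)
        if not _is_within(self.app_folder, self.storage_root):
            raise ValueError("app folder must lie inside the storage root")
        self.allow_read = allow_read
        self.allow_write = allow_write

    def resolve(self, requested):
        """Map an app-supplied path to its canonical form, or raise.

        Relative paths are taken relative to the app folder; absolute paths
        are accepted only if they still canonicalise to a location inside it.
        This check is purely lexical: a real enforcement point must also
        resolve symlinks (e.g. os.path.realpath) before comparing, or the
        check must be done on the opened file rather than on the name.
        """
        if posixpath.isabs(requested):
            candidate = requested
        else:
            candidate = posixpath.join(self.app_folder, requested)
        candidate = posixpath.normpath(candidate)  # collapses '.', '..', '//'
        if not _is_within(candidate, self.app_folder):
            raise PermissionError(f"{requested!r} escapes {self.app_folder}")
        return candidate

    def check(self, requested, mode):
        """Return (allowed, canonical_path) for mode 'r' or 'w'.

        The path is None when access is denied, either because the sub-
        permission (read or write) was not granted or because the path
        escapes the app's folder.
        """
        if mode not in ("r", "w"):
            raise ValueError("mode must be 'r' or 'w'")
        granted = self.allow_read if mode == "r" else self.allow_write
        if not granted:
            return False, None
        try:
            return True, self.resolve(requested)
        except PermissionError:
            return False, None


if __name__ == "__main__":
    sandbox = AppStorageSandbox("/sdcard", "com.example.backup")
    for req in ["backup.db",
                "../../../DCIM/photo.jpg",
                "/sdcard/DCIM/photo.jpg",
                "/sdcard/Android/data/com.example.backupevil/x"]:
        print(f"{req!r:50} -> {sandbox.check(req, 'w')}")
```

Run stand-alone, the script shows the first request allowed and the three escape attempts (parent traversal, an absolute path elsewhere on the card, and a sibling folder sharing the app's name as a prefix) denied. Making "read" and "write" separate flags in the constructor models the post's suggestion that read access to the app folder be a distinct, and equally narrow, grant.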