Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Permission System Could Make Android Much Less Secure

Posted by Soulskill on from the this-app-is-requesting-permission-to-shock-you-with-a-tazer dept.

capedgirardeau writes: An update to the Google Play store now groups app permissions into collections of related permissions, making them much less fine grained and potentially misleading for users. For example, the SMS permissions group would allow an app access to both reading and sending SMS messages. The problem is that once an app has access to the group of permissions, it can make use of any of the allowed actions at any time without ever informing the user. As Google explains: "It's a good idea to review permissions groups before downloading an app. Once you've allowed an app to access a permissions group, the app may use any of the individual permissions that are part of that group. You won't need to manually approve individual permissions updates that belong to a permissions group you've already accepted."

3 of 249 comments (clear)

  1. How is this a good idea? by matthewmok · · Score: 5, Insightful

    I don't think it has to be explained why this is a potential problem. So then, it should be explained why this is such a great idea that the problems it creates are insignificant.

    1. Re:How is this a good idea? by Russ1642 · · Score: 5, Insightful

      They should be moving towards a model where you can individually allow or disallow a permission, even if the app says it requires it. But this would cause chaos for all those apps that require 'full internet access' so they can push ads, collect data, invade your privacy, and molest your children.

  2. Well, no. by Anonymous Coward · · Score: 5, Insightful

    Google wants companies to actually write apps for the Google Play store. If they give end-users too much power over the permissions, they drive companies out of the Google Play store and over to the Apple store.

    On the other hand, Google also wants end-users to actually buy these products. By grouping permissions up, they seem innocuous, so users feel less threatened (even though they should feel more threatened) and will buy the stuff.

    From a business perspective, this move makes perfect sense. From an educated geek end-user's perspective, it really sucks. But what are you going to do? The world you want to live in does not exist.