Comment Re:My experience differs from yours. (Score 1) 197
Actually, without hacking Phonegap, at least on iOS, the first time you access geolocaiton, it pops up the standard 'APP_X would like to use your location' message - we had to rework our Phonegap app to do that properly, instead of having a trainwreck of a URL in that notification.
Android had a better model for security, frankly, in how you build an app - as part of the configuration, you can indicate with a fair degree of granularity what rights you want your app to have, and our upcoming app will only have GPS and network access. We don't care about your contacts, or pictures of cats, or what porn you watch on your phone. Too busy to dig through that crap, and it's not worth anything to us anyway. A similar capabilities-based model for iOS would be great - and I'm not spending the time learning enough Objective-C to do that natively. I have 10 other projects we had to put aside to do this mobile crap, that still need to get done.
The fact is, for web shops tasked with doing a "mobile app" because it's the next f**king Web 2.0 buzzword-compliant "we're serious - we have an app and everything", being able to do a shovelware mobile app without having to learn 2 new languages is great. Our customers go away happy, we don't have to spend the time becoming experts in yet more arcane single-use dev frameworks, and we can go on to the next project.
You want it safe? Go after the OS vendors, and let those of us who write apps define the capabilities we should need, and sandbox the rest. And make it easier in the IDE to select capabilities you need, and default them to 'off', That way, the "I was a designer, but now I do teh mobile apps!" people won't inadvertently bunch a big hole in your phone's security.