Comment Re:Fragmentation is not to blame (Score 1) 318
The security features you describe are exactly what Android should provide for everybody as standard, out of the box, and more.
I would certainly appreciate this; however, when it comes to app permissions the user's best interests are in tension with the app developer's. You would think that the answer to this is obvious—that the user's interests prevail, because it's their device—but it becomes dicey when you're talking about spoofing permission elements.
Thus, something like PDroid will likely never be included in CyanogenMod, because even the custom ROM people are concerned about the app developer ecosystem. CyanogenMod 7.1/7.2 allowed users to block individual app permissions, but critically they rejected a PDroid-like permissions spoofing patch because that was "bad for developers". The problem with simply blocking permissions instead of spoofing them is that outright blocking access tends to cause apps to crash. Furthermore, this is not really the app devs' fault: they expected access to those permission-controlled resources because access was approved by the user upon installation of the app.
Android has had a leg up on iOS in the permissions awareness regard by having a long history of expressly listing the permissions that apps have when they're downloaded. PDroid expands upon this base to give permission control like power users have come to expect.
Techies can of course root their devices and install the needed protections, but our poor non-technical friends and relatives have no chance of doing that, and are ripe for exploitation by app developers.
Yes, but again this is tough. Here's an analogy: we all agree that having versatile ACLs for files is ideal from a security standpoint. However, when you start modifying ACLs for files within an application's installation directory it's likely to make the application act strangely and/or crash. And are non-techies likely to remember what they changed (or that they changed anything at all) if an application starts acting strangely?
Coming back to the Android app permission example: the UI for the apps' permissions control is likely going to be difficult for a non-technical person to understand. If a non-technical person revokes an app's "Network Info" permission and then the app later has difficulty determining whether it has access to the internet when the user *wants* to connect...
Remember, outright revoked permissions tend to cause app crashes. Spoofed permissions systems like PDroid feed incorrect data to the app when the app asks for "blocked" data. This will inevitably lead to strange app behaviors, which non-technical people will likely chalk up to the app/OS, rather than their permissions override.
It's really not good enough as things stand.
I agree, though I am uncertain whether there will ever be a solution that is both simple enough for non-technical people to understand/operate *and* powerful enough to fully protect the user. I hope they try, though.
In the meantime, OpenPDroid offers a solution, even though the bar is high.
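
An added illustration, not part of the comment above and not Android or PDroid code: a toy Python model of the two behaviours the comment contrasts, using its "Network Info" case. Every name here (`Platform`, `Policy`, `SecurityException`, `naive_sync`, `defensive_sync`) is hypothetical, and the spoofed value is constructed.

```python
# Toy model (constructed): these names are hypothetical, not Android or PDroid APIs.
from enum import Enum

class Policy(Enum):
    GRANTED = "granted"
    BLOCKED = "blocked"   # hard revocation: the gated call raises
    SPOOFED = "spoofed"   # spoofing: the call succeeds but returns fake data

class SecurityException(Exception):
    """Stands in for the error a revoked permission produces."""

class Platform:
    """Permission-gated resource answering 'is the network up?'."""
    def __init__(self, policy, network_up=True):
        self.policy, self.network_up = policy, network_up

    def network_connected(self):
        if self.policy is Policy.BLOCKED:
            raise SecurityException("Network Info permission revoked")
        if self.policy is Policy.SPOOFED:
            return False          # constructed spoof value: "no network"
        return self.network_up

def naive_sync(platform):
    """App that trusts the install-time grant: no error handling."""
    return "synced" if platform.network_connected() else "offline, skipped"

def defensive_sync(platform, try_connect):
    """App that treats the gated answer as a hint, then tests reality."""
    try:
        hint = platform.network_connected()
    except SecurityException:
        hint = None               # unknown, not fatal
    if hint is not True and not try_connect():
        return "offline, skipped"
    return "synced"

def run(app, *args):
    """Return the app's outcome, or 'crash' on an unhandled exception."""
    try:
        return app(*args)
    except SecurityException:
        return "crash"

def outcomes():
    # The network is really up in every case; only the permission policy varies.
    return {p.value: (run(naive_sync, Platform(p)),
                      run(defensive_sync, Platform(p), lambda: True))
            for p in Policy}
```

Calling `outcomes()` gives the naive and defensive result per policy: the naive app crashes when blocked and silently skips its work when spoofed, while the defensive one completes in all three cases.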