
On Mon, Jul 08, 2013 at 03:48:51AM +1000, Andrew McGlashan wrote:
On 8/07/2013 2:23 AM, Robin Humble wrote:
Steve Kondik (aka Cyanogen) has committed Privacy Guard to recent CyanogenMod nightlies.
Sounds good.
logs, etc.) or coarse data (eg. location) rather than to deny them outright, which can easily break apps and make them crash. the theory is that by doing this it should be plausible to have Privacy Guard on by default most of the time for most people and most apps.
I think it would be better to provide dummy data that might otherwise make sense for the app.
Contact: nobody@example.net with random first and last names, phone numbers set aside for the movies, 8675309 .... (that's from a song, if I got it right).
Location: GPS co-ords of Bermuda Triangle or other random places.
So, the app gets data, but the data is useless to the app.
maybe Open PDroid is for you http://forum.xda-developers.com/showthread.php?p=36678558 I haven't tried it, but it seems to have plenty of fine grained options. I expect there are other options out there too. CyanogenMod folks thought that spoofing a lot and crashing many apps and causing a big app support load risked CM as a whole being blacklisted by app developers. eg. enough apps written as if (CM) exit(1); // too hard to support these tin foil hatters would defeat the whole purpose. I guess it's a fine line to walk when a rom has millions of users - it's large enough to get in trouble. the PrivacyGuard method of returning null sets (eg. no contacts, no sms's sent/recv'd) should be low disruption to apps as it is a legit state that a phone could be in. having said that, I would kinda like to see a separate 'privacy' control for fine gps location though as I don't mind some apps (eg. bushfire) knowing exactly where I am on a map, but they still have no right to read or send sms's for me.
It also needs to provide dummy access to any memory cards too -- or at the very least chroot type access to data areas so as to limit every app to only have the possibility to read/write its own data.
CyanogenMod (or maybe even standard Android) already has: Settings -> Developer options -> Protect SD card "Apps must request permission to read SD card" which isn't great as it's not limiting them to one sdcard directory or anything, but OTOH if you have a photo editing app of some sort then you actually want it to be able to read your directories full of photos... I can't remember where I read this (I think it was in their busybox or bionic source code) but I have a feeling Linux namespaces are going to be used more in future android releases. eg. mount namespaces can make lightweight containers. just a guess :)
hmm. personally I think it's just a complex problem (mostly of user education) and no solution is perfect. does any other system handle this in a simpler and clearer and more manageable manner - selinux? unix groups? acls? I don't think so.
firefox os was pretty naive about app permissions last time I checked. no idea about apple, ubuntu phone os, tizen, or 'doze phone.
Yes, tough situation. I do wish there was a secure, private and safe mobile option that we can really trust.
at least a bunch of them are open source (mostly) so anyone can write patches and ship their own. cheers, robin
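The thread above contrasts three ways a privacy layer can answer an app's request for contacts or location: refuse outright (which a naively written app treats as a crash), hand back an empty set or "no fix" (the Privacy Guard approach, indistinguishable from a phone that simply has no contacts or no GPS lock), or hand back spoofed or coarsened data (Andrew's suggestion). The following is an added example, not code from the thread, from CyanogenMod or from Android: a toy mediation layer in Python that implements all three policies so the trade-off can be seen side by side. The class and policy names (PrivacyGuard, Policy, PermissionDenied), the sample contacts and GPS fix, and the "naive app" are all constructed for illustration; the only real-world conventions used are the example.net domain reserved for documentation, the 555 prefix used for fictitious phone numbers, and the fact that 0.01 degree of latitude is roughly 1.1 km.

```python
"""Toy model of per-app data mediation (added example, not CyanogenMod code).

Policies modelled:
  DENY   - raise, the way a missing permission does; naive apps force-close.
  EMPTY  - return an empty set / None, a state a real phone can legitimately be in.
  SPOOF  - return well-formed but useless data (dummy contact, Bermuda Triangle).
  COARSE - location only: snap the fix to a ~1 km grid instead of hiding it.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum
import random


class Policy(Enum):
    ALLOW = "allow"
    DENY = "deny"
    EMPTY = "empty"
    SPOOF = "spoof"
    COARSE = "coarse"


class PermissionDenied(Exception):
    """Stands in for the SecurityException an Android app sees on a denied permission."""


@dataclass(frozen=True)
class Contact:
    name: str
    phone: str
    email: str


# Constructed sample data standing in for the phone's real contact list and GPS fix.
REAL_CONTACTS = [
    Contact("Alice Example", "+61 400 000 001", "alice@example.com"),
    Contact("Bob Example", "+61 400 000 002", "bob@example.com"),
]
REAL_LOCATION = (-33.868820, 151.209296)  # constructed fix, Sydney CBD

# Spoof values taken from the suggestions in the thread.
SPOOF_LOCATION = (25.0, -71.0)            # somewhere in the Bermuda Triangle
SPOOF_PHONE = "555-867-5309"              # 555 prefix: fictitious; 867-5309: the song


def coarsen(loc: tuple[float, float], decimals: int = 2) -> tuple[float, float]:
    """Snap a lat/lon pair to a grid. 2 decimals of latitude is about 1.1 km,
    enough for a weather or bushfire app, not enough to identify a house."""
    lat, lon = loc
    return (round(lat, decimals), round(lon, decimals))


class PrivacyGuard:
    """Mediates app access to contacts and location according to a per-app policy.
    Apps with no entry fall through to ALLOW, mirroring 'off unless enabled'."""

    def __init__(self, policy: dict[str, Policy]):
        self.policy = policy

    def _policy_for(self, app: str) -> Policy:
        return self.policy.get(app, Policy.ALLOW)

    def contacts(self, app: str) -> list[Contact]:
        p = self._policy_for(app)
        if p is Policy.DENY:
            raise PermissionDenied(f"{app}: READ_CONTACTS denied")
        if p is Policy.EMPTY:
            return []                       # "no contacts": a legit phone state
        if p is Policy.SPOOF:
            rng = random.Random(app)        # seeded per app so the dummy is stable
            return [Contact(f"user{rng.randrange(1000)}", SPOOF_PHONE,
                            "nobody@example.net")]
        return list(REAL_CONTACTS)          # ALLOW and COARSE (coarse contacts make no sense)

    def location(self, app: str) -> tuple[float, float] | None:
        p = self._policy_for(app)
        if p is Policy.DENY:
            raise PermissionDenied(f"{app}: ACCESS_FINE_LOCATION denied")
        if p is Policy.EMPTY:
            return None                     # "no fix yet": another legit state
        if p is Policy.SPOOF:
            return SPOOF_LOCATION
        if p is Policy.COARSE:
            return coarsen(REAL_LOCATION)
        return REAL_LOCATION


def run_contacts_app(guard: PrivacyGuard, app: str) -> str:
    """A naively written app: it never expected the permission it declared to be
    refused at runtime, so DENY ends in a force close, while an empty list is
    handled by the same code path that handles a brand-new phone."""
    try:
        contacts = guard.contacts(app)
    except PermissionDenied:
        return "force close"
    return f"{len(contacts)} contacts"


if __name__ == "__main__":
    guard = PrivacyGuard({"flashlight": Policy.DENY, "game": Policy.EMPTY,
                          "adware": Policy.SPOOF, "bushfire": Policy.COARSE})
    for app in ("flashlight", "game", "adware", "bushfire", "dialer"):
        print(app, "->", run_contacts_app(guard, app))
    print("bushfire sees", guard.location("bushfire"))
```

The EMPTY branch is the one that keeps apps working without special-casing: a phone with zero contacts and no GPS fix is a state every app already has to cope with, which is exactly the argument made above for why null sets are low-disruption. The COARSE branch shows why a separate control for fine location is attractive: a bushfire map is still useful at 1 km resolution while an SMS reader gets nothing it can use.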