
Robin Humble <rjh+luv@cita.utoronto.ca> wrote:
> CyanogenMod folks thought that spoofing a lot and crashing many apps and causing a big app support load risked CM as a whole being blacklisted by app developers. E.g. enough apps written as `if (CM) exit(1); // too hard to support these tin foil hatters` would defeat the whole purpose. I guess it's a fine line to walk when a ROM has millions of users - it's large enough to get in trouble.
My problem is with the original security model which lets app developers assume that they don't have to handle "permission denied" conditions appropriately if they declare all of the permissions they want in advance. It would be better to set up an expectation from the outset that certain API calls can result in denials of permission and you had better handle them gracefully if you're an app writer. As I understand it from this discussion, the current approach is to ask the user to grant all permissions that might be needed during installation, and then the app author can simply assume throughout the code that security restrictions won't stand in the way of the actual operations.
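As an added illustration of the point made in the reply above (this is example code, not something posted in the thread or shipped by CyanogenMod), the two methods below show the same permission-gated Android framework call written first in the "declared it in the manifest, so it must work" style and then in a denial-tolerant style. The framework classes (LocationManager, Context, Log) and the fact that getLastKnownLocation() throws SecurityException when the caller lacks the location permission are real Android behaviour; the class name LastFixReader, the method names and the caller's fallback policy are assumptions made for the example.

```java
// Added example, not from the mailing-list thread: treating a permission-gated
// framework call as something that can be denied at run time, instead of
// assuming the install-time grant will always hold.
import android.Manifest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.location.Location;
import android.location.LocationManager;
import android.util.Log;

public final class LastFixReader {
    private static final String TAG = "LastFixReader";

    // Style the reply criticises: ACCESS_FINE_LOCATION is declared in the
    // manifest, so the call is assumed to succeed. On a ROM that revokes the
    // permission, getLastKnownLocation() throws SecurityException and, with no
    // handler anywhere up the stack, the app dies with "Unfortunately, ... has stopped".
    public static Location readAssumingGranted(Context ctx) {
        LocationManager lm = (LocationManager) ctx.getSystemService(Context.LOCATION_SERVICE);
        return lm.getLastKnownLocation(LocationManager.GPS_PROVIDER);
    }

    // Denial-tolerant style: the same call, but "permission denied" is part of
    // the expected result set. Returning null lets the caller degrade (hide the
    // "nearby" feature, fall back to a manual location entry) instead of crashing.
    public static Location readHandlingDenial(Context ctx) {
        LocationManager lm = (LocationManager) ctx.getSystemService(Context.LOCATION_SERVICE);
        if (lm == null) {
            return null; // hypothetical device/emulator with no location service at all
        }

        // Optional up-front check, useful for deciding what UI to show. It is not
        // sufficient on its own: the permission can be revoked between this check
        // and the call below, and a ROM may answer "granted" while still refusing
        // or spoofing the data, so the call itself must still be guarded.
        int state = ctx.checkCallingOrSelfPermission(Manifest.permission.ACCESS_FINE_LOCATION);
        if (state != PackageManager.PERMISSION_GRANTED) {
            Log.i(TAG, "location permission not held; skipping fix lookup");
            return null;
        }

        try {
            return lm.getLastKnownLocation(LocationManager.GPS_PROVIDER);
        } catch (SecurityException denied) {
            // Denied at the point of use: log it and carry on without a fix.
            Log.w(TAG, "location permission denied at call time; continuing without a fix", denied);
            return null;
        }
    }
}
```

The catch around the actual call is the part that matters: the pre-check only improves the user experience, while the exception handler is what keeps a revoked or never-granted permission from turning into a crash report.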