
On 9/07/2013 3:34 AM, Robin Humble wrote:
My problem is with the original security model which lets app developers assume that they don't have to handle "permission denied" conditions appropriately if they declare all of the permissions they want in advance.
It would be better to set up an expectation from the outset that certain API calls can result in denials of permission and you had better handle them gracefully if you're an app writer. As I understand it from this discussion, the current approach is to ask the user to grant all permissions that might be needed during installation, and then the app author can simply assume throughout the code that security restrictions won't stand in the way of the actual operations.
I don't know why Google did it that way, but I suspect this was a compromise they decided upon to make app development a LOT easier.
Not to mention that the resulting code without the extra checks is going to be smaller. This would have been a concern with early Android devices that were much more memory and storage constrained than is typical today.

Regards,
Morrie.

--
Morrie Wyatt (morrie@mtiqualos.com.au)
-----------------------------------------
M.T.I. Qualos Pty. Ltd.
55 Northern Rd.
West Heidelberg Vic. 3081
Ph: +61 3 9450 1900
Fax: +61 3 9458 3217
-----------------------------------------