
On Wed, Jul 03, 2013 at 01:23:23PM +1000, Brian May wrote:
On 3 July 2013 12:38, Rick Moen <rick@linuxmafia.com> wrote:
Older versions of cyanogenmod supported disabling permissions so you can restrict what it can do if you don't like the requested permissions. Not in recent versions unfortunately. There might be alternative apps in the market to do this, haven't checked in ages.
Spineless developers {sigh}. This isn't the first time the CyanogenMod
Steve Kondik (aka Cyanogen) has committed Privacy Guard to recent CyanogenMod nightlies. AFAICT the idea of Privacy Guard is to protect against all sorts of promiscuous apps (facebook, g+, games etc.), but in a much simpler to use way than cm7's fine grained model.

as a data point, I ran cm7 for a year or two and never used the fine grained permissions. frankly it's a lot of work to understand exactly what all the permissions mean, and to test every app to see what breaks with what combos of revoked permissions.

the idea with Privacy Guard is to return null sets (of contacts, call logs, etc.) or coarse data (eg. location) rather than to deny them outright, which can easily break apps and make them crash. the theory is that by doing this it should be plausible to have Privacy Guard on by default most of the time for most people and most apps. ie. it might be something people actually use, and so should be far more effective overall than the cm7 model.

in other CyanogenMod news (and again perhaps inspired by recent NSA and Edward Snowden events) Koush is working with Moxie Marlinspike (of RedPhone and TextSecure and (ex-?)whispersystems fame) to bring end-to-end encrypted sms to CyanogenMod as well as other platforms. again, with easy to use & integrated being key design elements.

http://www.cyanogenmod.org/blog

I've built and run Privacy Guard in my CyanogenMod based ZTE v9 roms and it seems to work (ie. the little shield icon pops up :-) but IMHO it's a few weeks away from being stable enough for me to ship to my users yet.

personally I think the CM folks are on roughly the right track and deserve praise for trying to build something folks will use and that will protect them, rather than scorn for not re-implementing all the rarely used bits of cm7. if you really want to go full tin foil hat then I expect the patches are out there to fake IMEI and everything else (or just write them yourself) and it's up to you to do the build for your phone.

or simpler, just don't install the facebook app!
To be fair, it is a weakness in the Android permission model.
hmm. personally I think it's just a complex problem (mostly of user education) and no solution is perfect. does any other system handle this in a simpler and clearer and more manageable manner - selinux? unix groups? acls? I don't think so. firefox os was pretty naive about app permissions last time I checked. no idea about apple, ubuntu phone os, tizen, or 'doze phone.
Instead it should be "Please can I have this permission?" and Android can say "Yes" or "No" depending on the user's preference, and app has to handle the result in a graceful way (yes, this could mean throwing up an error message and refusing to run).
most apps just die (FC) if they don't get granted full permissions.

cheers,
robin
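
An added illustration, not part of the original message and not CyanogenMod or Android code: a small Python model of the two approaches discussed in the thread, revoking a permission outright versus handing back an empty set or coarse data. The `Policy`, `Broker`, `naive_app` and `run` names and the sample contacts and coordinates are constructed for the example.

```python
# Illustrative model only; every name and value here is hypothetical/constructed.
from enum import Enum

class Policy(Enum):
    GRANT = "grant"   # app sees the real data
    DENY = "deny"     # fine-grained revocation: the read raises
    GUARD = "guard"   # Privacy Guard-style: empty set or coarse data

# Constructed sample data standing in for the device's private stores.
CONTACTS = [("Alice", "+61 400 000 001"), ("Bob", "+61 400 000 002")]
LOCATION = (-37.81361, 144.96306)

class Broker:
    """Mediates every read an app makes, according to a per-app policy."""
    def __init__(self, policy):
        self.policy = policy

    def contacts(self):
        if self.policy is Policy.DENY:
            raise PermissionError("READ_CONTACTS revoked")
        if self.policy is Policy.GUARD:
            return []  # indistinguishable from an empty address book
        return list(CONTACTS)

    def location(self):
        if self.policy is Policy.DENY:
            raise PermissionError("location revoked")
        if self.policy is Policy.GUARD:
            lat, lon = LOCATION
            return (round(lat, 1), round(lon, 1))  # 0.1 degree is roughly 11 km of latitude
        return LOCATION

def naive_app(broker):
    """An app written on the assumption that its permissions are always granted."""
    names = [name for name, _ in broker.contacts()]
    lat, lon = broker.location()
    return {"contacts_seen": names, "location_seen": (lat, lon)}

def run(policy):
    """Return ('ok', what the app saw) or ('crashed', reason) for one policy."""
    try:
        return ("ok", naive_app(Broker(policy)))
    except PermissionError as exc:  # unhandled in a real app: the force close
        return ("crashed", str(exc))

if __name__ == "__main__":
    for p in Policy:
        print(p.value, run(p))
```

Under `DENY` the unmodified app fails on its first read, while under `GUARD` it keeps running and sees no contacts and only a rounded position.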