Wednesday, April 14, 2010

[hylhwdaf] Dynamic Android permissions

Application permissions on Android are currently an all-or-nothing affair.  If you don't want to grant an application permission, your only choice is not to install it.

The most privacy violating permissions, access to internet, GPS, making calls, contact lists, are suitable for fine-grained control.  After installing the application granting permission, run the application in a sandbox.  When it tries to access internet or make a call, let the system respond (perhaps falsely) that the network is currently not available.  If the application asks for GPS, respond that there's no satellite signal.  When it asks for contacts, respond that you have no contacts.

This is dynamic (run time) checking, instead of static (compile time) checking.

Inspired by applications which have no reason for accessing internet, but still ask to.  (Probably adware.)

1 comment :

Anonymous said...

or at least let the user deselect some when installing