>Earlier this week, CNET ran an article critical of the permission model of the Android Market. Google’s response to the criticism was that “each Android app must get users’ permission to access sensitive information”. While this is technically true, one should not need a PhD in Computer Science to use a smartphone. How is a consumer supposed to know exactly what the permission “act as an account authenticator” means? The CNET opinion piece “Is Google far too much in love with engineering?” is quite relevant here.
Is it?
Just to be clear, it is my belief that on the iPhone all apps have the run of every bit of functionality provided by the sandbox. Meaning if one app can access contacts, all apps can access contacts. If one app can get your location, all apps can get your location. If one app can pull your contacts and your location and send it to a web service, then all apps can do the same.
On Android this isn't the case at all. On install you had to explicitly confirm the required rights.
The Android model is a thousand times better, at least assuming they avoid user fatigue where people simply OK anything.
It could see improvements for sure, though. For one I'd like to see optional permissions. When I installed Barcode Scanner I was a bit perplexed as to why it asked to access my contact list. Turns out it's because it can create barcodes from contacts. Nonetheless, that should be an optional permission that I could set to yes (checked), no (red x), or ask on demand (cleared), defaulting to ask on demand. It would make me far less nervous about apps that seem to unnecessarily ask for the kitchen sink.
This is mostly true, except for location. The iPhone has always asked for permission before providing your location to apps (even to Apple's preinstalled apps, like Maps) and as of iOS 4, you're able to see a list of apps that have asked for your location, whether you said yes or not (with the option to change) and whether the app has accessed your location in the last 24 hours.
>Earlier this week, CNET ran an article critical of the permission model of the Android Market. Google’s response to the criticism was that “each Android app must get users’ permission to access sensitive information”. While this is technically true, one should not need a PhD in Computer Science to use a smartphone. How is a consumer supposed to know exactly what the permission “act as an account authenticator” means? The CNET opinion piece “Is Google far too much in love with engineering?” is quite relevant here.
Is it?
Just to be clear, it is my belief that on the iPhone all apps have the run of every bit of functionality provided by the sandbox. Meaning if one app can access contacts, all apps can access contacts. If one app can get your location, all apps can get your location. If one app can pull your contacts and your location and send it to a web service, then all apps can do the same.
On Android this isn't the case at all. On install you had to explicitly confirm the required rights.
The Android model is a thousand times better, at least assuming they avoid user fatigue where people simply OK anything.
It could see improvements for sure, though. For one I'd like to see optional permissions. When I installed Barcode Scanner I was a bit perplexed as to why it asked to access my contact list. Turns out it's because it can create barcodes from contacts. Nonetheless, that should be an optional permission that I could set to yes (checked), no (red x), or ask on demand (cleared), defaulting to ask on demand. It would make me far less nervous about apps that seem to unnecessarily ask for the kitchen sink.