by raesene6 3562 days ago
Generally the way I've seen sudo implemented in all desktop Linuxes is that after providing a password the process gets all access.

This to me isn't a great trade off as it relies on the user invoking the process understanding the security risks they're taking, which is a tricky one.

Sure you can do more with sudo, but unless it's the default, most people won't.


There's room for improvement, it's just the best trade off I've seen. Windows has its "click yes to continue" buttons, Android has its permissions thing that is useless to everyone. At least making people pause and type a password might make them think about what they're doing a bit.
The best trade off I've seen is what Nokia's S60 (and iOS, or so I've heard) did: have granular permissions like Android, but show a dialog when the app first tries to use them, instead of having a laundry list at installation time.

You're more likely to think twice when you open your flashlight app and it asks "Do you want to allow [Flashlight App] to read all your contacts?"

Is that once off or every time? There have been a few Android apps that started off OK and transitioned to spyware.
On iOS it asks the first time the app wants a particular permission but doesn't ask again. If you want to change your initial choice, you can head to Settings and view/change the grants/revokes by permission or by app.
Can't remember. Still, I don't think it matters - if you know an app has turned into spyware, why are you opening it again instead of uninstalling it?
Because I don't know until I hear it somewhere.