> This is huge, doesn't this make google guilty as well?
I'm not sure I follow. An app can request permissions, and the user can allow or deny them. I don't understand how this puts guilt on Google. Can you elaborate?
this seems like a hole in their design, additional access is being granted without the user really knowing what is going on and they are deliberately keeping the user out of the loop.
at least, that is how I am interpreting it, it seems that the functionality of their software is not functioning in the 'spirit' of what it is suppose to be doing.
In essence, Android permissions system have (had?) a vulnerability that Facebook exploited, and Google is responsible to a small extent as the maintainer of the vulnerable software.
Google is very culpable because the various problems with Android's permission system were raised hundreds of times by security experts, both internal and external, and they didn't consider it a high priority to fix.
Even when they added a sane permission model in Android $VERSION, developers were allowed to bypass it for years by just building apps targeting Android $VERSION - 1 instead.
Google's web security may be the best in the world, but Android security is a disgrace and they should be called on it. (Fuschia may put them on top of the world if they ever switch Android to that, but we'll have to see whether that happens.)
at least, that is how I am interpreting it, it seems that the functionality of their software is not functioning in the 'spirit' of what it is suppose to be doing.