Hacker News new | ask | show | jobs
by version_five 1164 days ago
It's "good" in the same way that "google stops punching man in the face" might be good.

In a sea of predatory applications, why is lending the only one that gets blocked here? A whitelist would be better (say approved photo and contact apps could access photos and contacts), and better still would be the app can only access what you transfer to it and doesn't get blanket permissions.

I also agree with the other comment that this shouldn't be within Google's power to decide, it should be regulated - if you force a closed OS on users, you should be limited in what it can access
2 comments
supriyo-biswas 1164 days ago
> In a sea of predatory applications, why is lending the only one that gets blocked here?

Because lending apps are the only one to engage in egregious behavior, see [1] as an example. The relevant sections are quoted below:

> If a user was late to repay, the app had previously indiscriminately texted or called contacts in the user’s phone as part of loan collection efforts. This process began immediately after a loan repayment was delayed, according to user reviews.

> Numerous users reported that friends, family, employers, and other contacts were harassed and threatened through Opera’s apps when a borrower was late.

(...)

> In another example, the apps threatened to place friends or family of a borrower on a national credit blacklist if they didn’t convince the actual borrower to pay:

[1] https://hindenburgresearch.com/opera-phantom-of-the-turnarou...

link
AlexandrB 1164 days ago
> If a user was late to repay, the app had previously indiscriminately texted or called contacts in the user’s phone as part of loan collection efforts.

Didn't LinkedIn do something similar early on? Harvest your contacts and then email everyone trying to get them to join.

link
hedora 1164 days ago
Yes. I had a phone with a “glove mode” toggle for the touch screen. I discovered it sometimes registered false taps when I pointed at that button to show a friend how terrible it was that the feature existed.

Of course, there was no “are you sure?” after accidentally tapping it.

It sent things to mailing lists, non-work acquaintances, businesses I was a customer of, etc, etc.

link
simfree 1164 days ago
There is such a thing as going too far though. An app I'm familiar with had Apple rejecting the app for accessing contacts, even though the contacts stay on device at all times and the only way they are exported is if you send a debug log which has a warning modal about their contacts being logged and gives the user the chance to edit those out.

There was nothing to be done that would satiate Apple besides disabling the contacts permission, so the user experience is now worsened. It's still death by a thousand cuts when working with these app stores.

link
nerdjon 1164 days ago
As the other person said, what did it actually need the contacts for?

Was it being rejected for asking or for being broken if it didnt get the permissions?

Or was it simply not able to give a justifiable reason to Apple for needing the permission?

You say it was staying on device but once you have access to those contacts it would be trivial to add the ability to send them to a server or have them leak via third party tools like the facebook sdk. That would be completely invisible to the user after giving past permissions.

The fact that you say that the user experience is now worsened makes me believe that contact access was not an absolute requirement for the app to exist (like say... a contacts organizer or something) and is extra functionality.

Personally with very very few exceptions I will not grant an app access to my contacts since anyone in my contacts don't have the luxury to also consent to some company having their data.

link
simfree 1164 days ago
Calling, texting or emailing said contacts from inside the app. Having this data was for the exclusive benefit of the end user, and the permission was optional and did not block use of the app.

There were no social SDKs integrated, and the app and build pipeline are public on GitLab.

link
version_five 1164 days ago
What did the app need the contacts for? I'd say I side with apple on that (I can see how it could be abused to shut down competition though). There really would need to be a good reason to have the contacts. (I don't want to debate the threshold, just interested in a "benign" example of needing contacts)
link
simfree 1164 days ago
Calling, texting or emailing said contacts from inside the app. Having this data was for the exclusive benefit of the end user, and the permission was optional and did not block use of the app.
link