[roywiggins]

I said that people who already know don't think about it. That's not something you can solve by educating them more. When I'm sharing a photo, I am going to think about what I can see in the photo as a data risk, not the invisible stuff that I might intellectually have heard about. It's just not going to come to mind.

People who know about phishing get got by phishing attacks, too. How well has however many years of "cyber awareness training" gone?

[rickdeckard]

Agree. That's also the dilemma with asking the user for his permission, it is very difficult to frame a concise question and get an educated decision there. So, better to only ask if the App explicitly requests that permission sounds reasonable.

The prior threat-model was, that e.g. a camera/gallery app which may/may not have a permission to a users current location, also has access to the history of a users' locations just by scanning the images when showing the camera roll.

It frankly makes sense to create a separate permission just for this location metadata AND strip this data when no permission was granted, I believe everything else would be MUCH harder to explain the user...

[tentacleuno]

I assume Google are very hesitant to add additional permissions, and any additions get very carefully thought about. Having too many prompts can lead to popup blindness, which defeats the entire purposr of the permission system in the first place.

I'm sure I recall much older Android versions presenting all of the app's permissions at install-time. I'm very willing to bet that most users didn't actually read any of it. Overall, it seems like a very interesting problem to solve.