| HN Mirror

Y	Hacker News new \| ask \| show \| jobs


	by jonemo 4253 days ago
	I would argue that no permission should be "implied". For each example you list in that category, I can find an argument to not make it implied. For example: Many people are on plans with capped data per month and are therefore concerned about how much data an app uses. As such a user I would want to make sure apps like a flashlight app do not use internet connectivity at all. Likewise if you are concerned about privacy and want to know when an app connects to the internet and thereby automatically reveals your location, possibly usage pattern, etc.

2 comments

Someone1234 4253 days ago

> I would argue that no permission should be "implied". For each example you list in that category, I can find an argument to not make it implied.

I'm sure you can. But ultimately it is losing battle.

When you turn something which 99.99% of normal apps require into a "permission" it isn't really a permission at all. Just an obstruction which teaches the users permissions can be safely ignored (i.e. stupid permissions hurt good permissions).

If a user ONLY gets a permissions pop-up when it actually matters they're far more likely to take it seriously than if they get it every time and 9 times out of 10, it is just nonsense (e.g. Reddit app needs internet access, store accounts, SD card write, etc).

> Likewise if you are concerned about privacy and want to know when an app connects to the internet and thereby automatically reveals your location, possibly usage pattern, etc.

Without getting boringly into the intricacies of Android's underbelly, even without the "internet" permission (which is now standard with higher API levels anyway), you can connect to the internet through other APIs and inform a server that you exist.

Literally an app with zero permissions on Android can make API calls which let a server know they're installed at that IP address.

The internet permission was just a good example to throw into the set because Google already moved in the direction of effectively removing it. Now they just need to do more permissions in a similar vein.

link

jonemo 4253 days ago

> When you turn something which 99.99% of normal apps...

I think you are confusing your personal use case with everybody's use case. What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"? Because of the 17 apps on my home screen, 6 do not have a functional requirement for internet connectivity. I bet for users in emerging markets this ratio might be even higher.

> If a user ONLY gets a permissions pop-up when it actually matters...

For most people, spending money is something that actually matters. Again, just because you don't have metered data, doesn't mean everyone else is in the same situation.

> Just an obstruction which teaches the users permissions can be safely ignored

Google manages to sort millions of search results by relevancy, I'm sure they can do the same for app permissions.

link

Someone1234 4253 days ago

> I think you are confusing your personal use case with everybody's use case.

But your "use case" isn't even really solved by permissions. It is solved by OS settings (e.g. turning off cellular data, using the data usage tracker/warning, etc).

> What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"?

No, I mean the majority of apps that exist already on the Play Store. Apps that require no data at all are the exception not the rule, apps that also don't use the accounts API, or store data to the SD card are exceedingly rare.

> I bet for users in emerging markets this ratio might be even higher.

Perhaps, but permissions don't solve this. If data isn't there then apps need to fall back to something else, that is up the developer to implement.

> For most people, spending money is something that actually matters. Again, just because you don't have metered data, doesn't mean everyone else is in the same situation.

Solved by the data usage tracker, not the internet permission.

> Google manages to sort millions of search results by relevancy, I'm sure they can do the same for app permissions.

They also manage to strip millions of search results of no relevance which is what they should do to permissions of no relevance.

link

randallsquared 4253 days ago

> What's a "normal app" anyway? Did you mean to say "apps I use on a daily basis"? Because of the 17 apps on my home screen, 6 do not have a functional requirement for internet connectivity. I bet for users in emerging markets this ratio might be even higher.

It sounds like you're agreeing with the GP that a normal app (11 of the 17 most used, for you) needs internet access?

link

yourad_io 4253 days ago

> Without getting boringly into the intricacies of Android's underbelly, even without the "internet" permission (which is now standard with higher API levels anyway), you can connect to the internet through other APIs and inform a server that you exist.

At the risk of boring someone else, any more info on this? Is this true for the later versions of Android? (4.2+)

I found something similar to what you describe but for 2.x (and then, a very visible "exploit" - i.e. opening the web browser)

link

snfernandez 4253 days ago

Another example is when keyboard apps need internet connectivity, it's a no-no for me.

link