[DannyBee]

"What's the mindset behind the broken permissions on Android?

Where any app that wants to change behavior when you get a call must request permission to your IMEI and calling/called number? Or why the broken, upfront, all or nothing model is still even used?"

At the time android created its permissions model, most of these issues were not obvious, or it would have been done differently.

Remember, of course, that prior to things like android (the first version of the iphone only had webapps), permission models of any sort were pretty much unheard of. Flip phones running java apps, or blackberries, had apps that got to do whatever they wanted.

Permissions changes are being slowly made in android. The same way you'd slowly change most serious things about something with billions of users.

It's not like C++ or Java just release new features every day (even if we may want them to :P).

This is of course, the same as any large system in engineering.

I don't know enough to comment on the rest.

" At what point are we allowed to say Google's mindset is not "don't be evil" as far as external observers are concerned? Or will everyone that brings this up always be labeled as unable to understand?"

Truthfully? It doesn't matter. At some point, every company large enough will lose its sheen, and people will worry about it, and eventually question its motives. Nobody can be perfect at doing the right thing all the time, even if they wanted to. Eventually, even with the best of intentions, mistakes add up, and people stop believing. In fact, i'd wager it happens slower if you don't even try to have good intentions, and and just stay under the limelight, rather than try and occasionally mess up.

In any case, I guarantee the same will happen to Mozilla (or whoever we want to peg as the current defender of the world) over time, the same as it has happened in the past to every other company. Non-profitness won't save them.

[JetSpiegel]

This is a lie, I have a Nokia with the S40 OS and Java apps can't just do anything they want, particularly sensitive thing like accessing contacts and making internet connections.

In fact, if your app isn't signed by Nokia, you can't let an app make a request without nagging you for permission. This totally kills homebrew.

[DannyBee]

This was the "pretty much" part. But even that permission model is really really simple.

MIDP 2.0 had permission domains. In practice, the permission domains were basically "want this app to let you do anything on your phone Y/N?" for a lot of phones.

In the specific case of S40, Nokia's security policy came into play in 6th edition feature pack 1, or so Nokia claims.

For fun, look at the deviations different carriers (and editions) have at http://developer.nokia.com/community/wiki/Java_Security_Doma...

[ptx]

The permission domains govern what the defaults are and what permissions you are able to request, but the permissions themselves are more finegrained. And none of them defaulted to "allow" – see table linked from the page you linked to: http://developer.nokia.com/community/wiki/MIDP_2.0_API_acces...

"Trusted 3rd party domain" is everyone who gave heaps of money to Verisign. They get no permissions by default, but they can request, for example, network access and the user can then grant it once, per-session or always.

"Untrusted 3rd party domain" is the rest of us, and basically any app I ever installed, in which case the user is prevented from selecting "always allow" for network access and is prompted once per session, which was highly annoying.

So if anything, it was too secure! Sun sank their own standard by requiring expensive certificates for normal functionality. If they had used self-signed certificates they way Android does (checking on upgrade that it's the same certificate) it would have been great.

"Operator protection domain" and "Manufacturer protection domain" mighty work differently, but that's no different from the stuff that comes pre-installed on Android phones having access to everything without asking.