Hacker News new | past | comments | ask | show | jobs | submit login

What you describe hasn't been the case for almost a decade. On iOS and Android apps need to explicitly request and be granted one-by-one permission for all those items.

Which is exactly the problem I'm encountering for web apps--typically the browser is granted all those privileges and then there is a per-site restriction in place. (1) I don't trust this sub-level restriction as much as I do the native per-app restrictions, and (2) it's often more difficult to configure and stay on top of (e.g. iOS will nag me if an app has been using my location in the background, the browser will not).

For these reasons, I restrict my browser to NOT be allowed access to bluetooth, location information, etc. Nobody gets to track me through the browser. If a site I use needs those capabilities, I install their app.




Here’s an example of how large companies abuse their power to push back against these privacy guards.

iOS has the ability to share your photos with an app in a special “picker” where you select the pics you want to share and then they’re sent to the app. The app can’t see the picker so it only has access to the photos you explicitly share.

WhatsApp deliberately ignores this integration path and gives you a choice of either manually choosing more photos to share each time, then selecting them a second time. Or sharing all photos forever, which most users will eventually choose because the friction of the first one is so massive. It’s done cynically and deliberately so they can have access to all your photographs. I shudder to think for what purpose.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: