> Case in point: android.permission.CALL_PHONE. You need it to initiate phone calls from your app, right?
This kind of thing is why I can't see myself switching to Android as my primary mobile OS any time soon. If anything, I can see a bright future for Microsoft. In spite of the fact Windows Phone exists, Android is very much the Windows of the mobile ecosystem.
Permissions on Android are horrendous for developers. But they are even worse for users. If a developer can't tell the difference between ACTION_CALL and ACTION_DIAL, what chance does the average end-user have?
And when every app requests at least half a dozen permissions, how many users are going to carefully review each and every permission and how many are just going to give up and grant all requested permissions to every app the way that everyone reflexively clicks "agree" to every online ToS? Even if Android actually had a working method to deny individuals permissions, nobody ever has any idea which permissions are essential to which classes of app and which should be treated with suspicion.
Compare this to iOS, where you may occasionally get asked to grant an app access to contacts or location - this is a rare occurrence and you can choose deny every time with no negative consequences (except for restricting that functionality).
The comment by jbk illustrates just how big a mess permissions on Android are, beyond just being confusing. On top of that you've got custom intents, which while a great idea on paper, just pile more complexity on top of a broken foundation of complexity and obfuscation.
This IMO is the single biggest thing wrong with Android, which Google should prioritise fixing like Microsoft in 2002. Never mind signed-app stores like Play: the fundamentally broken security model is the reason why Android is the only mobile platform to have a problem with malware. It's also a brilliant case study in over-engineering with a complete failure to consider human psychology.
Could be the fact that Microsoft updates their iOS and Android apps before the same app on Windows Phone. I've seen that complaint from some of the WP community.
>And when every app requests at least half a dozen permissions
I think this is the core problem here. The "list of permissions" system doesn't make sense to anyone and just seems like some project manager following a list of checkboxes from a list of security practices.
I recently stopped using my Nexus 10 due to getting an iPad3 for a steal. I love being asked if an application can use my location, as opposed to having god knows how many apps on my N10 silently sampling my position. I love knowing that the entire OS isn't dedicated to better selling ads for app publishers. Apple, for all its faults, isn't in bed with the ad industry like Google is.
I really was hoping features like this would come to Lollipop, but apparantly this isn't a priority for Google. Instead we get a byzantine line of permissions no one understands and we all say "Yes" because we want the app. There's no alternative. If the Amazon Kindle app has a permission I must accept it to read my books. I can't just say "No" to location awareness or contact list reading.
I' an Android (Cyanogenmod) user and agree with your point, this could--and should--be done a lot better.
I am not familiar with iOS and iPhones at all. You state iOS apps only rarely need to be granted permissions, how do they make that work? I can see only three ways that could happen:
Either the app can do most things without asking permissions (bad for the user--there'd be malware). Or the app simply can't ask for permission to do a lot of things (bad for the developer, and ultimately the user--because less functionality). Or it's a combination of the first combined with the iOS App Store's walled-garden quality check approach (bad for everybody, and the biggest reason I got an Android instead of iOS device).
I could be wrong but I'm guessing it's the third option?
I'm going to try to be objective here, crazy how I can just feel that seed of fanboiism in my head, let me just leave it at me being idealistically opposed to the walled garden approach for reasons that have been rehashed on HN for ages now :)
That said, there's also a few practical things the iOS walled-garden App Store could improve upon. First one being the $99 developer fee. I teach kids computerstuff and one time a particularly clever 11-year old needed some help setting up Eclipse, I didn't have a smartphone myself back then, I wasn't sure what he was trying to do, so I just helped him navigate the English menus, install the proper Java things and let him at it. Sure enough, an hour later he proudly showed me his Android phone. "Hello World", it said.
Another thing, this iOS App Store review process, it's done by humans yes? Does it scale? From what I've heard, even though I mostly heard it in the form of complaints, you get rejected by actual humans, yes? That's obviously never going to happen to Google's Play Store. But then again, the Google Play Store isn't quite as deeply engrained into Android as the iOS App Store, you don't need to use it, you can even completely step out of Google's ecosystem and still use Android (though it's hard, a bit like using Linux 15 years ago). Does the iOS App Store also use scanners and automated tests for new applications? I bet they do, do we know what kinds? Like it could test for certain kinds of API calls so the human reviewers know what sort of thing to look for.
One funny thing is, I used to have to explain people what "repositories" are in Linux, what they do, what they're used for and why they're so much cooler than (Windows) having to download .exe installers from all sorts of websites to get your software. Nowadays I can just tell people "it's pretty much like an app store", and they know all they need to know. That Ubuntu Software Centre even looks like an app store, with all the stars and ratings (blegh).
However, the repositories in Linux, are not quite like either the Google Play Store or iOS App Store. They obviously do not have the walled-garden approach, it's entirely open. Linux software from the repositories doesn't need to ask for permission for anything (except sudo). Still, there is no malware in the repositories, at all. I admit I am a little bit vague on how this works too, perhaps I'm missing something obvious, but how do they do that?
> I could be wrong but I'm guessing it's the third option?
Nah, it's a combination of two things:
1. Applications are granted internet access by default. It's possible to disable cellular access on a per-application basis, but not networking in general
2. Permissions are asked for at point of use with a big allow/deny dialog. This has several consequences
* it's easier for the user to understand why the application would want to e.g. access their contacts
* the user only gets the dialog if they're accessing a feature which claims a need for it, no paying a privacy/permission cost for stuff you don't do
* the more stuff an application wants access to the more scary dialogs they'll prompt, so application developers have tended to not go overboard
Also all permissions can be revoked (or granted) afterwards, aside from cellular they all live in Settings > Privacy, and inside each permission is the list of applications which asked for it, and whether they're allowed or denied access
Thanks, that makes sense. Better option than what Android does too, IMO.
Especially if the permissions are also more granular than they are on Android. Otherwise I could imagine an evil app prompting a type of permission in the context of something completely innocuous and reasonable (say, to pre-fill contact data to some input field), only to use that very same permission immediately afterwards for something evil (sending all contacts data to their servers).
The app starts out completely sandboxed. No access to any hardware other than speakers and display (and even then, iOS has a layer on top of your canvas for the status bar and system dialogs). No access to the hard disk other than the app's local files. Instead of asking for permissions on app install, the app asks for permissions as you try to use them.
For example if you installed Instagram, you could scroll through the news feed fine but if you wanted to take a picture it would ask you to access the camera as soon as you try to. If you tried to take a video, it'd ask for permission to use the mic. Similarly it would ask for access to your photos as soon as you try to select a picture to upload from your camera roll. If you try import your contacts to find people to follow, it would ask for permission to read your contacts list. If you try to tag your location in a picture it would ask for access to the GPS as soon as you click the check mark. If for some reason Instagram allowed people to make calls, as soon as it tries to make the call you get a pop-up asking to confirm if you want to place the call or not.
> That said, there's also a few practical things the iOS walled-garden App Store could improve upon. First one being the $99 developer fee.
> Still, there is no malware in the repositories, at all. I admit I am a little bit vague on how this works too, perhaps I'm missing something obvious, but how do they do that?
All of the code on Linux repositories are (is?) open source if I'm not mistaken.
Linux software from the repositories doesn't need to ask for permission for anything (except sudo). Still, there is no malware in the repositories, at all. I admit I am a little bit vague on how this works too, perhaps I'm missing something obvious, but how do they do that?
You are simply trusting whoever is running the repository, most of the time this the distro itself, which you already trust.
This kind of thing is why I can't see myself switching to Android as my primary mobile OS any time soon. If anything, I can see a bright future for Microsoft. In spite of the fact Windows Phone exists, Android is very much the Windows of the mobile ecosystem.
Permissions on Android are horrendous for developers. But they are even worse for users. If a developer can't tell the difference between ACTION_CALL and ACTION_DIAL, what chance does the average end-user have?
And when every app requests at least half a dozen permissions, how many users are going to carefully review each and every permission and how many are just going to give up and grant all requested permissions to every app the way that everyone reflexively clicks "agree" to every online ToS? Even if Android actually had a working method to deny individuals permissions, nobody ever has any idea which permissions are essential to which classes of app and which should be treated with suspicion.
Compare this to iOS, where you may occasionally get asked to grant an app access to contacts or location - this is a rare occurrence and you can choose deny every time with no negative consequences (except for restricting that functionality).
The comment by jbk illustrates just how big a mess permissions on Android are, beyond just being confusing. On top of that you've got custom intents, which while a great idea on paper, just pile more complexity on top of a broken foundation of complexity and obfuscation.
This IMO is the single biggest thing wrong with Android, which Google should prioritise fixing like Microsoft in 2002. Never mind signed-app stores like Play: the fundamentally broken security model is the reason why Android is the only mobile platform to have a problem with malware. It's also a brilliant case study in over-engineering with a complete failure to consider human psychology.