Android has a lot of information leaks. I hate to keep beating this dead horse, but as of last year Google gives every app you install access to your cellphone number without them needing to ask for an extra permission (READ_PHONE_STATE is now a freebie as far as the app store is concerned, it isn't listed, in fact it will say "no special permissions" if READ_PHONE_STATE alone is in the manifest).
I honestly think Android's permission system is a joke, and a sceptical Google will fix the majority of the information leaks with this up-coming update.
PS - It is "interesting" that getting your google account address requires a special permission on Android, but getting your phone number does not. Wonder why that is? IMEI too.
If they've found that users almost always say yes to it, that might be the correct choice for being consistently usable even if you (and I) dislike that choice.
I am not sure how it should be handled.
Allowing an app to automatically propose the user's email in a login form is pretty good in terms of UX ... but it means that the app can access to that data.
It seems pretty clear how this should be handled, no? If the app wants to do it, then, as with anything else that might make the user experience better at a privacy cost, let it ask for permission to do it!
Having to ask for the permission to display the email just for the autocomplete makes sense from a privacy perspective, but defeats its UX purpose.
A better solution would probably be to continue to move away from email + password logins and ask the user to login once in an OCD platform and then only propose this in order to signup/login to an app.
I believe these are certainly the result of deliberate decisions.
Remember when Google introduced fine-grained permission control, received much praise for it, then removed it almost immediately afterwards? To me, that showed they clearly valued the interests of themselves and their monetising "appvertiser" developers over the freedom of the users.
Even the actual SSID name is probably more than an ordinary app needs to know.
Unless it needs some sort of location data to provide functionality, what is the minimum set of facts that would cover app behaviour?
I guess they might want to know:
- if the connection is secure and/or explicitly trusted
- if the connection is bandwidth-metered
- if the connection can route to the internet
Then, it can check those flags and decide if it wants to download those 3GB of your personal banking details or whatever.
Or, perhaps better still, it registers one or more 'acceptable network profiles' based on the above fields, and the OS gives it a callback when is becomes available/unavailable.
That would prevent it from polling and building a neighbourhood network map, but I suppose it could still register for all possible combinations, and beacon out to a remote host which can then geo-IP backtrack it to you-ish.
I'm definitely not happy with the carefully secreted privacy options scattered around the android UI. I'm still getting used to it, and every time I poke around in a settings menu I'll probably find at least one thing I would much prefer to default off.
Is accessing nearby BSSIDs available in a similar fashion on iOS? A quick look reveals: https://developer.apple.com/library/ios/documentation/System...