[android-developers] Revoke permissions to access Google Accounts

On Wed, Jan 18, 2012 at 5:41 PM, Kookamonga wrote:
Sorry to resurrect an old thread, but there was never an answer to how
a *USER* would be able to revoke access he/she had granted to an app:

http://groups.google.com/group/android-developers/browse_thread/thread/80e559d0317b71c8/38ecbc20429fdc76?lnk=gst&q=revoke+permissions+to+access+google+auth+tokens#38ecbc20429fdc76

(I wasn't able to reply in that thread; this is why I've started a new
thread.)

Thanks for your help.

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

On Thu, Jan 19, 2012 at 7:55 AM, Kristopher Micinski wrote:

There are a few active research projects that target this direction,
however I'm guessing that this is not what you are interested in :-).

On Thu, Jan 19, 2012 at 7:55 AM, Kristopher Micinski
wrote:
Could you please share those links?

--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

On Jan 18, 9:56 pm, Kristopher Micinski wrote:
One of them is from my end, this is binary rewriting to retrofit apps
with enhanced security policies..

http://www.cs.umd.edu/~jfoster/papers/acplib.pdf

another notable project is CRePE droid, which takes the platform based approach

http://crepedroid.org/crepedroid.html

Though as I said, these are very much research projects at the moment.

kris

On Wed, Jan 18, 2012 at 8:19 PM, Nikolay Elenkov







wrote:

On Wed, Jan 18, 2012 at 10:40 PM, Kookamonga wrote:
Kris:

re: your initial reply, I believe we're talking about different
permissions. It sounds like you're referring to the permissions that a
user must accept when first installing the app. I'm not talking about
those. I'm talking about permission the user has to accept that allows
the app access to the user's Google Account (see screenshots in the
thread I've linked to). In Android terms, this would be as a result of
a call to AccountManager's getAuthToken(...) method.

TreKing:

Uninstalling the app is hardly a solution! First, I'm not even sure if
it will work (because I don't think this permission to access one's
Google Account is stored on the phone), but even if it did, it seems
kind of heavy handed to have to re-install the app if you've
accidentally granted certain permissions...

I was hoping there was some way to do it online through one's Google
Account settings. This is already mentioned in the thread linked to in
my initial post, but this is how one would revoke access to Chrome-To-
Phone, for example...

Oh well, still no satisfactory answer. (To tell you the truth, I don't
understand the "broadcast receiver" answer... )
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

On Thu, Jan 19, 2012 at 12:40 PM, Kookamonga wrote:
Oh well, still no satisfactory answer. (To tell you the truth, I don't
understand the "broadcast receiver" answer... )

On Wed, Jan 18, 2012 at 9:40 PM, Kookamonga wrote:

Uninstalling the app is hardly a solution!

On Jan 18, 11:15 pm, TreKing wrote:
Sure it is! It solves the problem you posed! That's a solution, kinda by
definition!
I just tried with the AppBrain app. It does work.

but even if it did, it seems kind of heavy handed to have to re-install the
Perhaps, but it works. I would assume if you didn't trust an app to the
point that you wanted to revoke the permissions granted to it, you would
want to uninstall it anyway.

--------------------------------------------------------------------------- ----------------------
TreKing <http://sites.google.com/site/rezmobileapps/treking> - Chicago
transit tracking app for Android-powered devices

On Thu, Jan 19, 2012 at 2:07 PM, Kookamonga wrote:
Nikolay:

Thanks for the explanation. While I was aware about the server/client
sides to AuthToken, I didn't know the specifics of how it worked on
the Android side... Very informative! Much appreciated. Also, I was
aware of that Google website, but it didn't have the app that I
granted permission listed...

On Thu, Jan 19, 2012 at 11:56 AM, Kristopher Micinski wrote:
One of them is from my end, this is binary rewriting to retrofit apps
with enhanced security policies..

http://www.cs.umd.edu/~jfoster/papers/acplib.pdf

another notable project is CRePE droid, which takes the platform based approach

http://crepedroid.org/crepedroid.html

On Wed, Jan 18, 2012 at 4:41 PM, Kookamonga wrote:

how a *USER* would be able to revoke access he/she had granted to an app

On Thu, Jan 19, 2012 at 9:42 AM, TreKing wrote:

Clear the app's data? Uninstall the app?