Hello,

There are a few apps that implement something similar to what you are
proposing here, although all of them need root access or changes in the
framework like the Cyanogen permission revocations.

Check out the following:

LBE privacy guard (Free):
https://play.google.com/store/apps/details?id=com.lbe.security.lite
Works by hooking the permissions API calls, IMHO it's the best app
although it doesn't work properly on Android 4.1 yet but it's perfect if
you have an older Android version.

Permissions Denied (Free):
https://play.google.com/store/apps/details?id=com.stericson.permissions

Permissions Denied Pro:
https://play.google.com/store/apps/details?id=com.stericson.permissions.donate

Cheers,

Pau Oliva
On 07/24/2012 07:50 PM, Kevin Veroneau wrote:
If Android implemented a PERMISSION Firewall, it can better allow the
user to control what happens on their mobile device. This would be
similar to how a user can manage their browser settings for individual
websites. If I only want a specific amount of website to be-able to
set cookies, I can do that. I can also control which websites can use
plugins, and even JavaScript. Android needs a similar system for it's
PERMISSION system.

All the time, I see apps requesting permissions which quiet obviously
I'm spectacle about providing them. Most of the time, I just don't
install the app, due to the permissions being requested are a little
too much for my tastes.

In the settings on Android, the user can whitelist and black list
permissions for specific apps. Think of how NoScript works, you can
choose to block all, be prompted, or unblock everything.

Rather than an app crashing when requesting a permission which has
been blacklisted, it should respond back with the appropriate error
message. For an Internet black list for example, it would merely
respond back to the app, saying that there was no network connection
available. The app can then handle this error message like normal.
This will ensure backwards compatibility with old apps. If it's the
first time an app is requesting network access, and if the settings
are set to prompt, then a subtle box will appear asking the user if
they wish to "Allow", "Allow once", or "Block" the attempted
permission.

I would prefer a rich interface, or at least advanced options for
advanced users. Such as if an app if requesting GPS, what should the
app be provided if I block the request. Examples could include a
random location in my current country(as some apps use GPS for
regional locking or settings). If an app is to send out texts or call
a number, having an "Allow once" button would make it much easier to
understand what the heck the app is using these features for, and if
it should just be blocked entirely.

If XDA developed such a system into their custom ROMs, I would forever
move over to a 3rd party ROM from XDA and forget about official google
ROMs, as this is a needed security feature in Android or any mobile
device for that matter. This device stores our personal information
for crying out loud, and the way security is handled in Android is
absolutely archaic and needs to change NOW!

Please Google, or even some third party ROM developer, release some
sort of android patch to make this a reality. If for some odd chance,
a cell phone manufacturer implemented this and left out the rest of
Android, then I will be forever loyal to you, as this is a handset
selling feature. I am sure other consumers will agree that this is
currently a must-have android security feature. If Android is going
to survive against the other mobile OSes out there, it needs to clean
up it's security big time, or consumers may flock over to iOS or even
worse, Windows Phone. Although security issues haven't stopped
Microsoft's flagship OS from selling, so who knows, maybe consumers
don't really care about this security mumbo jumbo, and only us geeks
and privacy advocates do.

I also give permissions to any Android blog out there to publish an
article about such a system being implemented in Android. However,
please reference this googlegroups.com post and give credit were due.
I'm not entirely sure if this type of security was previously thought
about by someone else, if it was, then why hasn't it been implemented
yet?!?!
--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to android-security-discuss@googlegroups.com.
To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

Search Discussions

Discussion Posts

Previous

Follow ups

Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 7 of 8 | next ›
Discussion Overview
groupandroid-security-discuss @
categoriesandroid
postedJul 24, '12 at 5:50p
activeJul 25, '12 at 12:44a
posts8
users7
websiteandroid.com

People

Translate

site design / logo © 2019 Grokbase