9 Responses

  1. Mark Avey
    Mark Avey at |

    I really do wish folk would thoroughly look into all aspects of these issues before reporting on them. I tried to respond directly to Mark Murphy regarding his post on Evernote, which, frankly, seems to indicate he’s hardly ever looked into its feature set.

    Mark says “The Evernote app requests a fair number of permissions. Some make sense, such as the INTERNET permission (kinda important for a Web service). Some are a bit dubious, such as needing both coarse and fine location data.”. If he’d ever taken a good look at the app, he’d see that it offers both geo-tagging and a “Notes nearby” function, both of which obviously require location data!

    I would have responded direct to Mark, but he doesn’t enable comments on his site, but seeing as you’ve also mentioned it, I thought it was important to redress the balance a little.

    Both Mark and yourself make important points, but they’re a tad nullified by a rather obvious gaff.

  2. roy
    roy at |

    Mark Murphy just got caught in the moment because of the Trojan that arrived that week.

    I saw his (and this post) on planetandroid and I literally had to scroll down two posts to see why evernote was requesting the contacts permission; it wanted to do what 3banana already does; allow you to have evernote as an option in the menu when you press share on certain items.

    No biggie.

  3. William Ferguson
    William Ferguson at |

    One way to trim the permissions required by an app is to decompose it into separate apps that require permissions more specific to their needs.

    For instance you could remove the need for internet and locations permissions to serve ads if the Ad to display was retrieved from a separate AdServer app.

    A general purpose AdServer app could be resued by multiple applications. Sounds like a decent small open source project to me.

  4. nom
    nom at |

    i was just skimming through your post and i was thinking what if android just made it mandatory to include app-specific examples of permissions used in the manifest file ie. what they are really used for. the existing apps will not be affected early on but will be when upgraded to the new api level. btw, i apologize if you already mentioned this idea, i didn’t read the article thoroughly.

  5. Tom
    Tom at |

    Agree. It would be much more secure to let new program X use my program adserver, then let X use location directly. Even if the author of X claims he will only use it for ad purposes, who knows what he really wants to do with the info…

  6. alex
    alex at |


  7. Problematic Permissioning : floor4
    Problematic Permissioning : floor4 at |

    […] remains that this explanation should’ve been provided at the outset.  There are all sorts of examples out there of this happening, yet some developers/publishers still make this mistake.  It’s a […]

Comments are closed.