Android's take-it-or-leave-it install-time permission model sucks. I just counted 32 permissions for the Facebook app. When the user goes to install the app they are supposed to review that long list and decide if they are going to take it or leave it. The reality is most users have no idea what they're being asked and just hit Accept. Which means for most practical purposes there is no permission security.
Much better is the iOS model where there are a select few extra-sensitive permissions that cause a popup when the app requests it and lets the user decide if they're going to grant it at runtime, not install time. That lets the user know what triggered the request and decide if it's legitimate. It also allows them to continue using an app even if they don't want to share their location or whatever.
I agree. I wish Android had denial or "spoofing" of permissions in stock form.
I do appreciate that Android points out even smaller details, however: "access to your contacts" is one that works without prompting on iOS, if I remember correctly.
It'd be nice if users could choose both the level of detail and choose piecemeal.
Obviously, we'll never see it in stock/vanilla, but there is something to be said for the fact that you do spoofing at all via pdroid, which takes less than half an hour to set up if you're of the hacker persuasion. I dreamt of such a security setup for two decades before Android ever came to be.
It would be great if Android collected all the permissions that are commonly disabled for an app and then presented the permissions on an app-by-app basis sorted from most disabled to least disabled.
This way users of any app in the Android ecosystem can rely on the wisdom of the crowds to quickly see which permissions people who know better commonly disable.
Should every user look over the entire list? Yes, in an ideal world. But since that isn't realistic, the best we can do is present them with those they will most likely want to disable right at the top.
Google _could_ fix this by requiring SecurityException to be handled.
1. Enable the user to select "a la carte" permissions on a per-app basis.
2. The user selectively turns off permissions, e.g. I WANT my flashlight app to throw an unhandled exception when it tries to get my location.
3. Require exception handling for missing permissions in new versions.
The burden for developers is low, especially in the cases of gratuitous permissions.
There are some cases, like address book apps that require access to the Contacts provider where a permission could make an app's functionality a nullity, but I think the everyday user is OK with seeing a crash dialog if a crappy app with obnoxious permissions craps out.
In the case of a high-value app like Facebook, Facebook would be motivated to explain permissions and provide exception handling that preserves as much functionality as possible.
If app compatibility becomes an issue, "nerfed" results instead of thrown exceptions could be used to trick apps into accepting fake data.
By combining options, notifications to the user, the use of SecurityException, and changes to exception handling requirements, Google could readily retrofit fine-grained user-controlled permissions to Android.
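An added example, not part of the thread, of what the exception-handling requirement in item 3 above would look like in app code: the location call is wrapped so that a withheld permission disables one feature rather than crashing the app. The class `OptionalLocation` and its `Result` type are hypothetical names; the Android calls are the platform's own.

```java
import android.content.Context;
import android.location.Location;
import android.location.LocationManager;
import android.util.Log;

/** Hypothetical helper; the name and structure are assumptions for illustration. */
public final class OptionalLocation {
    private static final String TAG = "OptionalLocation";

    /** Outcome the caller can branch on instead of crashing. */
    public static final class Result {
        public final Location location; // null when no fix is available
        public final boolean denied;    // true when the platform refused access

        Result(Location location, boolean denied) {
            this.location = location;
            this.denied = denied;
        }
    }

    private OptionalLocation() {}

    public static Result lastKnown(Context context) {
        LocationManager lm =
                (LocationManager) context.getSystemService(Context.LOCATION_SERVICE);
        if (lm == null) {
            return new Result(null, false); // no location service on this device
        }
        try {
            // Throws SecurityException when the app holds no location permission.
            Location loc = lm.getLastKnownLocation(LocationManager.NETWORK_PROVIDER);
            return new Result(loc, false);
        } catch (SecurityException e) {
            // Permission withheld: log it and report "denied" so the caller can
            // hide the location-dependent feature and keep everything else working.
            Log.w(TAG, "Location permission not granted; feature disabled", e);
            return new Result(null, true);
        } catch (IllegalArgumentException e) {
            // The requested provider does not exist on this device.
            return new Result(null, false);
        }
    }
}
```

A caller checks `denied` to decide whether to explain the missing permission to the user or simply omit the feature.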