Hacker News new | past | comments | ask | show | jobs | submit login

I saw the WebMD app nag and thought for more than a few moments that it was from codinghorror.com.

And was unmistakably annoyed.

Then I realized that was precisely the point. And yes, it's absofuckinglutely annoying.

Right up there with interstitials and flyovers on webpages. I'm thinking of writing a default Stylebot CSS to simply block any element class / ID starting with "fly".

The other problem, of course (and checking to see if Jeff addresses this -- yes, obliquely) is that every app comes with its own permissions set(s) which I the user need to individually inspect and vet. And, frankly, which I'm increasingly reluctant to do so.

Fastest way to get your app removed from my phone? Request additional permissions. Goodbye Pandora, whatever that "identify that song" app was, Facebook, Mr. Number (irony: nominally a privacy-enhancing app) and others.




Fastest way to get your app removed from my phone? Request additional permissions.

Unfortunately there's little the developers can do about it, short of not adding any features. You have to ask for every permissions your app could potentially need to use, upfront. You can't ask at point of use. This is a huge Android flaw.


My local credit union works fine in a browser, but their (cr)app (the cr is silent) wants access to my complete contact list, presumably for spamming purposes. Nope! Not happening.

Other than that oddity in their outsourced app, they're a legit business, not scummy at all, which makes it weird. A place that specializes in financial transactions should probably stick to traditional protocols like a website and stay out of the (cr)app business.

I want to do mobile banking. I don't want them to add the feature of "spam my friends and family" at all. No thanks!


Another problem is that you need some permissions for even the most basic functionality.

Let us assume I'm making a singleplayer game that happens to take more space than 50MB. For that I need internet and external storage write permissions in addition to network and wifi state etc (see http://developer.android.com/google/play/expansion-files.htm...)

And all this because the persons designing android thought that 50MB is enough for all applications and thus made their package manager to cap packages at 50MB. Imagine if .deb or .rpm would be 50MB max.


Writing to storage I can allow.

Location, comms (absent some networking), messaging, address book / contacts, phone ID, Nope Nope Nope.


If you want to use 50mb of my phone's flash space then yeah, you'd better have a good reason for that.


Requesting 50M+ of storage for a single player game is a good enough reason, that's not outrageous for graphics resources, music etc. But would you understand that this necessarily leads to the app having to request:

    <uses-permission android:name="com.android.vending.CHECK_LICENSE" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WAKE_LOCK" />
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
as well?


If there's not a damned good reason I can see for you to need those perms, then it's "no fucking way".

Pandora, my location and address book? Nope, nope, nope.


The problem, as I've been trying to explain, is that if any other user does want a feature that somehow uses those perms, the app has to request them at install. There is just no other way on Android.

Realistically you can only use apps that aren't developed further.


"any other user does want a feature that somehow uses those perms,"

Nobody "needs" or "deserves" or is "entitled" to my location and contact list merely because they would really like to spam me and my friends. If that is "development" then I don't want it. My contact list is absolutely positively none of their business and I will not cooperate with them. They need me a lot more than I need them, so we'll see how this turns out.


You misunderstood. If the app has any other users that want to use a feature that needs it on their phone the app maker has to request it on your phone too even if you would never use it.

There are way more people that want new features from their apps than there are users that check the permissions list. This is a lost cause until Google fixes Android.


And you misunderstand: for many of us, that's an absolute dead stop.

It's also an ethical issue: my contact list isn't even mine -- it's other people's data, and their association with me. Even if I am OK providing it, there's no way I can assure that others are. Requesting contact lists is utterly immoral (and yes, so are companies which do it).

What I'd like? What I'd like is granularity on this. I'd like to be able to mark my contact info off-limits. I'd like to duck the surveillance society altogether. I'd really like a legal framework which governs this stuff, as it doesn't seem there's any other way to get the changes I'd prefer. Yes, I'm aware that's going to cause a lot of pain for a lot of companies, but it's absolutely something they've brought on themselves with the present set of circumstances.


What I'd like is granularity on this.

Well, that makes two of us. I'm sure all Android developers would like the option to request permissions at point of use, so users who want to use the feature can give the permission, and the ones who don't, don't have to. But it isn't there, period. So the choice is: don't add features users ask for and listen to the people telling you they don't trust you to use the permissions you request wisely, or add features your users are asking for, and tell the ones that don't trust you to get lost.

You get one guess at what application developers do.

BTW. Good luck with getting the government to legislate that you can't implement features users ask for.


The permission set is just a huge flaw in Android. They really need to adopt the iOS model.


What's the IOS model?

My view: I should be able to specify what (if any) of my information is available. It's up to the app to decide if it wants to be there or not.

There are some tools (I run across mentions, and there was one Google apparently pulled after "accidentally" releasing it) which do this. But really, it's why I'm looking for a dumb phone and a tablet running the tools I want (Web, eBook reader, SSH) and local apps, but not Android. Really bad taste in my mouth.


The iOS model uses App Store reviews (with whatever static analysis secret sauce they do), plus user permission requests for access to some things like location and contacts.

I'd suggest Nokia's Symbian permission model was better, if a little annoying. It asked each time the app tried to use a given permission (until you permanently allowed/disallowed it).


I never had a Symbian device (though a couple of friends had Psions), but always had a bit of a soft spot for them.


I never had a Symbian device...but always had a bit of a soft spot for them.

As someone who had and had to develop for it in the early days: those two things are directly correlated.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: