25 Matching Annotations
  1. Jun 2020
    1. “The alarming truth,” warned the researcher, “is that the average number of permissions requested by a flashlight app is 25.”
    2. “Asking for too many permissions is dangerous,” ESET malware researcher Lukas Stefanko explains. “These permissions can be misused as an exploit to access more device components, such as call logs, phone numbers, and browsing history.”
    3. At the heart of Google’s challenge has been so-called permission abuse—millions of apps requesting the rights to access device data and functions beyond those needed to deliver their own functionality.
    4. The security feature in Android 11 is a long overdue crackdown on this permission abuse.
    1. Google’s novel response has been to compare each app to its peers, identifying those that seem to be asking for more than they should, and alerting developers when that’s the case. In its update today, Google says “we aim to help developers boost the trust of their users—we surface a message to developers when we think their app is asking for a permission that is likely unnecessary.”
  2. May 2020
  3. Feb 2020
  4. Jan 2020
  5. Nov 2018
  6. Sep 2018
  7. Aug 2018
  8. Nov 2017
    1. If you recall your LMS patent infringement history, then you'll remember that roles and permissions were exactly the thing that Blackboard sued D2L over.
    2. (At the time, Stephen Downes mocked me for thinking that this was an important aspect of LMS design to consider.)

      An interesting case where Stephen’s tone might have drowned a useful discussion. FWIW, flexible roles and permissions are among the key things in my own personal “spec list” for a tool to use with learners, but it’s rarely possible to have that flexibility without also getting a very messy administration. This is actually one of the reasons people like WordPress.

  9. Oct 2017
  10. Feb 2017
  11. May 2016
    1. Your privacy is very important for us and we’re trying our best to ask you for as little information as we can

      First, I have no reason to think you are anything but well-intentioned. Second, your code is open source so it would be harder for your organization to hide any foul play. Nonetheless, please anyone correct me if I am wrong, this set of permissions would be sufficient to collect server-side a complete browsing history for each user with the extension installed. This would be a gold mine for intelligence and advertisement purposes. A similar service to hypothes.is, Genius, is VC-funded and seeks a return on investment. Its Chrome extension requires equally extensive permissions, but there is an alternate extension, genie, that claims to offer an alternative without the "read and change" permission. Hard to believe, but people must at least consider the possibility of extensions turning rogue. I consider the "read and write ... on ALL websites" a threat and do not install any extensions that require it. I use the bookmarklet, which offers an inferior experience, but I can decide page by page if I am OK with a third party knowing that I am reading it. Also, I decided against using hypothes.is as the commenting system for my blog, since I don't want my readers to be traceable by a third party I choose on their behalf. I am heartened that you are already working towards reducing the number of permissions required, but I was wondering if you had additional comments for people who need to protect their browsing activity against worst-case scenarios and cannot accept the "trust us" argument.

  12. Jan 2016
  13. Jul 2015
  14. Feb 2015