So, it has been delayed by at least a year to Android R. It will become mandatory for the Android R API level, but it could take even longer for it to be enabled for apps targeting legacy API levels. The implementation works and it's a compatibility/usability vs. privacy choice.
From the perspective of someone that cares about privacy and security, the fine-grained Storage Access Framework model has been around since Android 4.4 and the coarse access control model was clearly a major issue. I wanted apps to use SAF for ages, and it's what I used myself.
Most developers don't care about privacy and security, especially when it comes to respecting user consent and giving them control over their information. If improving those takes any effort, they won't do it. Users will usually just authorize whatever is needed to run the app.
So, for example, Signal doesn't have this issue because it doesn't put media files in shared storage. It doesn't mean it isn't an OS issue though, because the OS shouldn't support a coarse access control model for shared data. It applies more broadly to things like contacts too.
The sad part is that it's another case where Android already supports a fine-grained alternative. Apps have the ability to request that the user take a picture, without the Camera permission. Similarly, they can request that the user pick a contact, without Contacts permissions.
In many cases, Android has 2 approaches: fine-grained access based on explicit case-by-case user consent using intents and bulk data access via permissions. Apps nearly always choose to request permissions for bulk data access. Storage, contacts, camera, etc. are all similar.
It's entirely possible to apply the Scoped Storage approach to other permissions. For example, remove the Contacts permission and instead provide a per-app contacts list. Apps using the approach of case-by-case user consent for contacts would still be able to use global contacts.
Apps generally want to provide their own interface heavily integrated into the app and having the bulk access allows them to provide features that would not otherwise be possible, such as showing you a full list of your existing contacts with the same messaging app installed.
So, it does make sense that apps prefer to request the bulk access permissions. If they cared about privacy, they could provide a fallback implementation based on case-by-case access requests when the permission is refused. Hardly any apps bother with it, and just don't function.
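Added example, not part of the original thread: a Kotlin sketch of the fallback the thread describes, where an app asks for bulk contacts access and, if the user refuses, uses the system contact picker, which hands back read access to only the one contact the user selects. The class name `InviteActivity` and the functions `onInviteClicked`, `showInAppContactList` and `onContactChosen` are hypothetical; the AndroidX Activity Result contracts are real.

```kotlin
import android.Manifest
import android.net.Uri
import android.provider.ContactsContract
import android.util.Log
import androidx.activity.ComponentActivity
import androidx.activity.result.contract.ActivityResultContracts

// Hypothetical activity: bulk access if granted, per-contact consent otherwise.
class InviteActivity : ComponentActivity() {

    // Fine-grained path: the system picker returns a URI for the single contact
    // the user chose, with a temporary read grant, so READ_CONTACTS is not needed.
    private val pickContact =
        registerForActivityResult(ActivityResultContracts.PickContact()) { uri: Uri? ->
            if (uri != null) onContactChosen(displayName(uri))
        }

    // Bulk path: the READ_CONTACTS runtime permission. A refusal is not fatal;
    // it routes the user to the picker instead of disabling the feature.
    private val requestContacts =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) showInAppContactList() else pickContact.launch(null)
        }

    // Hypothetical entry point, e.g. wired to an "Invite" button.
    fun onInviteClicked() = requestContacts.launch(Manifest.permission.READ_CONTACTS)

    // Reads only the display name of one contact URI.
    private fun displayName(contact: Uri): String? =
        contentResolver.query(
            contact, arrayOf(ContactsContract.Contacts.DISPLAY_NAME), null, null, null
        )?.use { c -> if (c.moveToFirst()) c.getString(0) else null }

    // Bulk query over every contact; only reachable when the permission was granted.
    private fun showInAppContactList() {
        contentResolver.query(
            ContactsContract.Contacts.CONTENT_URI,
            arrayOf(ContactsContract.Contacts.DISPLAY_NAME), null, null, null
        )?.use { c -> Log.d("Invite", "app can read ${c.count} contacts") }
    }

    private fun onContactChosen(name: String?) {
        title = name ?: "Unknown contact" // placeholder UI: show the chosen name
    }
}
```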