So, for example, Signal doesn't have this issue because it doesn't put media files in shared storage. It doesn't mean it isn't an OS issue though, because the OS shouldn't support a coarse access control model for shared data. It applies more broadly to things like contacts too.
Ugh, don't even get me started on apps requesting access to contact lists -_- You just know it's headed back to Palantir
The sad part is that it's another case where Android already supports a fine-grained alternative. Apps have the ability to request that the user take a picture, without the Camera permission. Similarly, they can request that the user pick a contact, without Contacts permissions.
In many cases, Android has 2 approaches: fine-grained access based on explicit case-by-case user consent using intents and bulk data access via permissions. Apps nearly always choose to request permissions for bulk data access. Storage, contacts, camera, etc. are all similar.
It's entirely possible to apply the Scoped Storage approach to other permissions. For example, remove the Contacts permission and instead provide a per-app contacts list. Apps using the approach of case-by-case user consent for contacts would still be able to use global contacts.
I like this. Alternatively, contact access could easily be an API interface like the file picker, whereby the collection of contacts is not accessible to the app, and only the phone number or whatever info is required for the app to process the request is passed to it.
This is the existing system API for it:
developer.android.com/guide/componen
It works just like the Storage Access Framework introduced in Android 4.4. Instead of requiring permissions, the user is selecting data to share on a case-by-case basis. This exists for many things already.
developer.android.com/guide/componen is the API for taking a picture, based on the user taking a picture with their preferred camera app to share with the app. Android was designed to be used this way, but since it has the bulk access permissions, hardly anyone is going to bother with this.
Apps generally want to provide their own interface heavily integrated into the app and having the bulk access allows them to provide features that would not otherwise be possible, such as showing you a full list of your existing contacts with the same messaging app installed.
So, it does make sense that apps prefer to request the bulk access permissions. If they cared about privacy, they could provide a fallback implementation based on case-by-case access requests when the permission is refused. Hardly any apps bother with it, and just don't function.
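The fallback pattern described in the post above, written out as an added Kotlin example (not code from the thread or from any app it names): the feature first asks for the bulk READ_CONTACTS permission, and if the user refuses it degrades to the system contact picker, which hands the app a content Uri for one chosen contact with a temporary read grant and needs no permission at all. It assumes the androidx.activity, androidx.appcompat and androidx.core libraries are on the classpath; the `onFindFriendsClicked` entry point and the `showMatches` rendering step are hypothetical UI hooks.

```kotlin
// Added example (not from the thread). Assumes androidx.activity (activity-ktx),
// androidx.appcompat and androidx.core are on the classpath.
import android.Manifest
import android.content.pm.PackageManager
import android.net.Uri
import android.provider.ContactsContract
import android.util.Log
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

class FindFriendsActivity : AppCompatActivity() {

    // Case-by-case path: the system picker shows the contacts; the app only ever
    // receives a content:// Uri for the one contact the user chose, together with a
    // temporary read grant for that Uri. No READ_CONTACTS permission is involved.
    private val pickContact =
        registerForActivityResult(ActivityResultContracts.PickContact()) { uri: Uri? ->
            uri?.let { onContactPicked(it) }
        }

    // Bulk path: taken only when the user explicitly grants READ_CONTACTS. A refusal
    // does not break the feature; it degrades to the picker above.
    private val requestReadContacts =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) loadAllContacts() else pickContact.launch(null)
        }

    // Entry point wired to a "find friends" button (hypothetical UI hook).
    fun onFindFriendsClicked() {
        val alreadyGranted = ContextCompat.checkSelfPermission(
            this, Manifest.permission.READ_CONTACTS
        ) == PackageManager.PERMISSION_GRANTED
        if (alreadyGranted) loadAllContacts()
        else requestReadContacts.launch(Manifest.permission.READ_CONTACTS)
    }

    // Reads the display name of the single picked contact through the granted Uri.
    // (To receive a phone number instead, launch Intent.ACTION_PICK on
    // ContactsContract.CommonDataKinds.Phone.CONTENT_URI; same permission-free model.)
    private fun onContactPicked(contactUri: Uri) {
        val projection = arrayOf(ContactsContract.Contacts.DISPLAY_NAME)
        contentResolver.query(contactUri, projection, null, null, null)?.use { c ->
            if (c.moveToFirst()) {
                val col = c.getColumnIndexOrThrow(ContactsContract.Contacts.DISPLAY_NAME)
                showMatches(listOf(c.getString(col)))
            }
        }
    }

    // Bulk read of every contact; possible only because the permission was granted.
    private fun loadAllContacts() {
        val projection = arrayOf(ContactsContract.Contacts.DISPLAY_NAME)
        val names = mutableListOf<String>()
        contentResolver.query(
            ContactsContract.Contacts.CONTENT_URI, projection, null, null, null
        )?.use { c ->
            val col = c.getColumnIndexOrThrow(ContactsContract.Contacts.DISPLAY_NAME)
            while (c.moveToNext()) c.getString(col)?.let(names::add)
        }
        showMatches(names)
    }

    // Hypothetical rendering step: a real app would match these against its own
    // user directory and populate a list adapter.
    private fun showMatches(names: List<String>) {
        Log.i("FindFriends", "matching ${names.size} contact(s)")
    }
}
```

The point of the structure is that both paths feed the same `showMatches` step, so the "find friends" feature keeps working after a refusal; it just covers one contact per user action instead of the whole address book.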
Similarly, with the camera, the case-by-case API for taking pictures doesn't allow defining their own user interface or features like dynamic filters / data analysis (like scanning a Snapchat ID). There are legitimate reasons to want the permission, but rarely to mandate it.
App developers won this battle. There is so little respect for privacy and user consent that users are completely unaware that there is even OS support for doing it any other way. Users aren't aware an app could support taking a picture without having the Camera permission, etc.
This applies to apps like Signal too. Signal goes out of the way to keep the data inside Signal private, but it doesn't care one bit about letting users avoid granting bulk data access to Signal itself. I don't think it even occurs to developers that they should implement this.
This is true for live filters / analysis. So many applications, though, can process the image/video after the file is saved. For the QR code example, the API could take the photo and save it, then the app can process the image and delete it.
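The capture-then-process-then-delete flow from the post above, as an added Kotlin example (not code from the thread): the user's preferred camera app takes the picture into a file in this app's private cache, the app decodes it, and the file is deleted regardless of the outcome. The app holds no CAMERA permission and writes nothing to shared storage. It assumes a FileProvider is declared in the manifest with authority `<applicationId>.fileprovider` and a paths file exposing the cache subdirectory; the `onScanClicked` hook and the `handleCode` step (where a QR decoding library, not included here, would plug in) are hypothetical.

```kotlin
// Added example (not from the thread). Assumes a FileProvider is declared in the
// manifest with authority "<applicationId>.fileprovider" and a paths file that
// contains <cache-path name="captures" path="captures/" />.
import android.graphics.Bitmap
import android.graphics.BitmapFactory
import android.net.Uri
import android.util.Log
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.FileProvider
import java.io.File

class ScanCodeActivity : AppCompatActivity() {

    private var pendingCapture: File? = null

    // The user's preferred camera app takes the picture and writes it to the Uri we
    // hand over (MediaStore.ACTION_IMAGE_CAPTURE with EXTRA_OUTPUT under the hood).
    // This app holds no CAMERA permission and never touches shared storage.
    private val takePicture =
        registerForActivityResult(ActivityResultContracts.TakePicture()) { saved: Boolean ->
            val file = pendingCapture ?: return@registerForActivityResult
            pendingCapture = null
            try {
                if (saved) decodeAndHandle(file)
            } finally {
                file.delete() // nothing is retained once the one-off job is done
            }
        }

    // Entry point wired to a "scan code" button (hypothetical UI hook).
    fun onScanClicked() {
        val dir = File(cacheDir, "captures").apply { mkdirs() }
        val file = File.createTempFile("capture-", ".jpg", dir) // app-private cache
        pendingCapture = file
        val uri: Uri = FileProvider.getUriForFile(this, "$packageName.fileprovider", file)
        takePicture.launch(uri)
    }

    // Downsampled decode of the saved capture: read the bounds first, then decode at
    // a size a code reader can work with rather than the full sensor resolution.
    private fun decodeAndHandle(file: File) {
        val bounds = BitmapFactory.Options().apply { inJustDecodeBounds = true }
        BitmapFactory.decodeFile(file.absolutePath, bounds)
        val opts = BitmapFactory.Options().apply {
            inSampleSize = maxOf(1, bounds.outWidth / 1024)
        }
        val bitmap: Bitmap = BitmapFactory.decodeFile(file.absolutePath, opts) ?: return
        handleCode(bitmap)
    }

    // Hypothetical step: a QR decoding library would consume the bitmap here.
    private fun handleCode(bitmap: Bitmap) {
        Log.i("ScanCode", "captured ${bitmap.width}x${bitmap.height}; decode here")
        bitmap.recycle()
    }
}
```

The `try`/`finally` around the processing step is the part worth copying: the capture is removed even if decoding throws, so a failed scan never leaves an image behind in the cache.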
If an OS wants to provide apps with a custom interface to access user assets on a phone (e.g. camera/files), it can provide a low level asset handler that sits in a frame within the app. This would give the app the ability to decorate the data served within the frame.