We've had years of experience of providing support for an OS taking a much more aggressive approach to privacy and security features. Our users also make much more use of the standard privacy/security features. Are you seriously denying that people regularly hit issues with it?
I understood that, and no it doesn't. Don't allow new app to initiate export process. Require initiation from old app or settings.
-
-
This is not rocket science. Allowing the potential attacker to initiate prompts leading to privileged action, rather than requiring user to initiate in existing trusted context, is always a security ux fail.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
The app can just ask you to do that and send you there. It's not that much difference from needing to spawn a system dialog. A lot of these workflows already send you to Settings.
-
Don't allow any "send you there" action.
-
So lets say someone genuinely needs an accessibility service because their phone is nearly impossible to use without it. Is making it difficult to find the menu for that instead of the app being able to send you to the accessibility page really an improvement?
-
Either way, it's the same UI there. And BTW, accessibility services are pretty much the most dangerous power available to third party apps. It's also very widely abused for hacks, advertising nonsense and evil things.
-
People getting tricked by evil apps into enabled accessibility services go to the same accessibility settings page as they would opening Settings by hand and see the same warning. It only means you don't need to open up Settings + navigate to that page.
-
And to clarify something, by "hacks", don't mean "hacking someone" but meaning fancy overlay features power users like to have. For example, it was possible to implement red shift apps via accessibility services for phones not providing it in the base OS (it's in AOSP now).
-
It's a powerful, scary feature meant for people that genuinely have disabilities and need all kinds of assorted services to help them. An app can't just prompt you with a dialog for it. Needs to be enabled via Settings with an explicit warning dialog there.
-
However, despite that, it was widely used not just for actual accessibility services and malware using it for evil. It was used for hacking together all kinds of frills that people ended up widely using. Apps made by Facebook, etc. end up using stuff like that for frills / ads.
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.