None of you are at all familiar with how it works and don't even seem to have experience *using* a current Android phone, let alone experience working with non-technical people or even just non-programmers / non-cryptographers using this kind of software. :\
Replying to @CopperheadOS @RichFelker and
It's really silly trying to explain to us how it works or what the pitfalls are when we have a lot of experience with it. Could go on long rants about everything that's wrong with it and what they should be doing but it's not at all what people without experience keep claiming.
If you want to talk about garbage privacy how about both Android and iOS granting apps access to sensors without needing any permissions. Can do coarse 100-200Hz audio recording (ML -> detect speech), track movement (ML -> match to routes to find location), etc. with 0 perms.
Being able to explicitly grant apps access to get phone state information and SMS/MMS/RCS data has nothing on that. At least that's something you have to very explicitly consent to doing and you can change your mind for future data.
Not sure what's hard to understand about the major usability issues of silently blocking stuff with no UI presented when it's happening. It's the #1 support issue that we have to deal with: using silent ad-blocking, disabling root CAs, disabling permissions / apps.
Your analogies with DNS blackholing, disabling root CAs, etc. are not valid. Nothing, EVER, needs to read your call logs or SMS messages.
That's a completely different topic than the permission model stuff and silently blocking stuff. The original topic has a simple answer: they decided to support alternate dialers and messaging apps, which has the drawback of letting users shoot themselves in the foot.
Alternative dialers & messaging apps have no reason to have access to each other's data.
Talking about SMS/MMS, not alternative forms of messaging. You can only have one at a time, and if people want to migrate they need a way to export and import their data. Supporting that means letting people get tricked into giving it to a sketchy app.
I understood that, and no it doesn't. Don't allow new app to initiate export process. Require initiation from old app or settings.
This is not rocket science. Allowing the potential attacker to initiate prompts leading to privileged action, rather than requiring user to initiate in existing trusted context, is always a security UX fail.