[Cryptography] Would open source solve current security issues? (was "Re: EFF amicus brief in support of Apple")

Jerry Leichter leichter at lrw.com
Fri Mar 18 22:18:19 EDT 2016


> [Android] apps need [to be] updated (no surprise there), but when I
> check them, it seems as though at least half of them are requesting
> new permissions that are designed to track me or do other dubious
> things like look at my contacts or accounts or turn on the
> microphone, etc.... So does the same problem exist on iOS apps for
> iPhone and iPad, or is this just an Android device phenomenon?
The iOS security model is very different.  They don't declare what permissions they want up front, so there's no analogous list of privileges you look at.  Rather, there are a few resources - location, the camera, the microphone - which require explicit permission.  iOS prompts you the first time you use the app and lets you decide then.  (You can also manage this stuff from Settings.)  In at least one case (access to location when in the background), iOS will actually prompt you again (once) after you've had the setting on for two weeks or so and let you confirm that you really do want it.

The contrasts:

- iOS has a number of special resources, where Android has many fine-grained privileges.  In practice, the actual meaning of many of Android's privileges is obscure and hardly anyone tries to manage them.
- Android prompts at installation time, when it may be hard to tell whether the app actually needs the privileges.  iOS prompts at first use, when it'll typically be very clear what the app is trying to do.
- Android privilege settings are "take it or leave it":  You can't pick and choose which to grant an app.  (There was discussion about changing this, but I haven't kept up and don't know if it ever was changed.)  iOS settings are all optional - it's up to the app to decide to continue if it can't get the resource it asked for.  In practice, I've never seen an app that refused to run without some resource - though it may not be useful.  For example, WhatsApp will use your contacts if you give it access - but will run perfectly well, maintaining its own list of recent connections, if you deny it access.  Actually, the same goes for access to the microphone:  If you don't give it access, you can't make calls, but you can still text.  (I don't recall when WhatsApp added support for audio.  Some update silently added the setting, but it defaulted to Off.)

The contrast is really interesting.  The typical programmer loves the Android approach because it gives the appearance of fine-grained control, but in practice it's not clear it solves any real problem.  The Apple approach started off *really* simple (most resources available today were initially kept completely private) and grew slowly over time, but the association with particular human-understandable resources, rather than abstract privileges, seems to work much better.
                                                        -- Jerry


