
In the Android security model, this is not a capability that should have ever been provided to apps to begin with. It allows for apps to have almost free rein over the filesystem of other apps (read, write, modify), among other powerful capabilities. No flagship Android phones on the market allow this.

It would be like if the Facebook app on your iOS device could read all of the files of your banking app, or notes app. It's just not something that is enabled in any Android system claiming to have some level of security.



With my permission an app should be able to read all the files on the device, even those created by other apps.

It’s my device not the OS or app manufacturer’s!

I’m totally onboard with per-app segregated storage as a default, but this feature is clearly gated behind user permission.


> but this feature is clearly gated behind user permission

You're right that the owner of the device should have the ultimate say. But the sad reality is that most owners aren't necessarily good caretakers of those devices. They don't understand what that permission entails, and they don't actually want to take responsibility for the outcome of the decision. But they will want to hold the manufacturer accountable for the damage.

I can't count how many times I heard people say "this decision should be mine to make" only to follow it up after some time with "somebody should have warned me not to do it". It's human nature and the solution for this can't/won't be technical.

Windows XP was a good example of letting the person decide what's good for their device and it was also the OS with the slowest adoption of updates. People collectively decided that the discomfort of rebooting once in a while was worse than letting malware completely wreck their device and data.


> I can't count how many times I heard people say "this decision should be mine to make" only to follow it up after some time with "somebody should have warned me not to do it".

The correct response, if (as in this case) they were warned, is to say “someone did warn you, pay more attention next time”, then walk away[1].

Just like if a beginner ignores the black piste markers and the “for good skiers only” sign at the top of a slope then complains that they fell over.

It is problematic to create in users an expectation that if they blindly mash at their globally-networked, bank-account-connected devices without paying a modicum of attention to anything that appears on the screen when they do so, that everything will be fine, and if it’s not it’s someone else’s fault.

[1] optional, depends how much you like them


> The correct response, if (as in this case) they were warned, is to say “someone did warn you, pay more attention next time”, then walk away[1].

In reality, this does far more harm than good. In almost all cases this goes wrong because of the 'little learning is a dangerous thing' problem. People tend to be in two camps:

- Don't care, don't want to fiddle with the thing, the manufacturer has to do everything

- Knowing just enough to break things, but not enough to fix it (and thus it is the fault of the manufacturer)

Other types like the 'I am the owner, I make the rules' crowd are insignificantly small.

This means that in the real world (so not in an echo chamber) you only get one scaled and realistic scenario: the user creates problems (for themselves, others), but cannot fix them, and everyone/everything not-user then has to care for them to deal with it.

In an ideal theoretical world we might say that the end-user has to be responsible, and they have to make infinite mistakes and learn everything so they can become good caretakers of their networked systems. But that is not reality, and is not realistic.


> In reality, this does far more harm than good

Harm reduction isn't always the most important goal, especially when it's other people's harm and reducing it also involves restricting what they can do.


The argument goes for default availability here.

You don't have to allow all users everything, but you should allow those who want, to do as they please.

You can always hide the option behind some kind of mechanism. A mechanism a general user wouldn't use because they don't if the rest works as intended. Those who still do, should suffer the consequences, but this is not the manufacturers' problem. They have all kinds of safeguards to prevent liability because of those "special choices".


People would go to great lengths to follow tutorials on the internet to disable things they were told were bad for them. The less qualified, the more likely that they fell for the "updates are bad, they ruin your computer" narrative. As long as there's an option that can be abused, people will be tricked into allowing it.

This is less relevant for the current discussion about the FireTV and this feature. It's for the more general discussion of being able to do whatever you want on a device you own.


> The less qualified, the more likely that they fell for the "updates are bad, they ruin your computer" narrative.

Bad example; this "narrative" is true as often as it isn't.


Some fraction will still stumble upon it anyways and will still refuse to take any responsibility for enabling it, what then?

You can't force them to change their mind.


But why should everyone else suffer because of that small fraction?

The real answer: users are captive. For the vendors, they're cattle. And like with any good big farm, it does not matter how much it sucks for the cattle - but it does matter the cattle is safe, because few bad cases can become known and risk your farm getting shut down.


I didn't say anything about who should or should not?

Are you sure you responded to the right comment?


'Krasnol argued for keeping powerful/dangerous features, but making them opt-in (and a bit of a hassle to enable). You countered that there will be "some fraction" of users incapable of not hurting themselves with those features, who "will still stumble upon it anyways and will still refuse to take any responsibility for enabling it". My counter to that is that we shouldn't remove such power features just because "some fraction" may find and misuse them.

That's the should/should not part. The rest is my take on why companies remove those features anyway - they have no incentive to provide anything above bare minimum, especially not when they could be on the hook for "some fraction"'s mishaps.


Perhaps you are misreading my comment?

I didn't raise the 'should/should not part' at all, you are the one who raised the point. I'm focused on actual facts and possibilities in this comment chain.


You can ignore them, though, not everyone can be saved


> You don't have to allow all users everything, but you should allow those who want, to do as they please.

Perhaps. Perhaps that should also mean there are consequences to their actions and they get disconnected from shared systems.


> With my permission […]

And as we've seen in the PC space, this will absolutely destroy security as the general population will simply hit "Ok" or "Allow" on any (security) prompt so they can get to their desired goal.


I hate to say it but at some point it is their device and they can install malware if they want to. I think it is good to put up some warnings and make particularly dangerous permissions particularly hard to give. But at some point it is my device and you need to get out of my way.


If them installing malware had zero impact on the rest of us, sure.

Meanwhile, in the real world, externalities exist.


Yes, but one of the major externalities in this context is security industry smothering every computing platform, turning it from a bicycle for the mind into a TV for the mind.


> the general population will simply hit "Ok" or "Allow" on any (security) prompt so they can get to their desired goal.

So let them? I keep hearing this argument but I have yet to hear a good explanation of why it's a problem or why I should care.

If a thief walks up to someone's door and asks to be let in, and the person opens the door and lets them in, is that a security flaw on the door's part? Should we make doors harder or even impossible to open by their owners to prevent them from letting a criminal in?


Cool, ok… you either learn from your mistakes or you don’t.

Developers aren’t responsible for the general population doing dumb shit, as long as they don’t trick them into it, and it doesn’t happen as a result of bugs in their software.

Imagine if the makers of stoves or kitchen knives believed that they should design out every possible way someone could burn or cut themselves…

“Do you want to let [application] access [the calendar|your photos|files created by other apps]?” seems totally reasonable; stopping users from running programs that do this altogether, not at all.

The biggest problem with it all is: that which OS developers do to “protect users” becomes what application developers use to constrain users and prevent them accessing their data, in order to extract more money or control how people use their own devices.


My butterknife doesn’t have the ability to upgrade itself to a chainsaw over the internet. Software has this somewhat unique and autonomous ability; comparing it to static household objects when it comes to manufacturers’ legal obligations (or ethical oughts) doesn’t necessarily make sense.


Normally, I’d agree with you. But over the years I have been thinking that bad practices on internet-connected devices end up being everyone’s problem.


But that's not how activating ADB works at all, it's a fairly complicated process that takes many weird steps.


Need to hide it behind a terminal with scary monospace letters.


Even that barely helps - try opening the web dev console in your browser on a popular social media site and there are huge warnings telling people not to paste commands in there they have been told to do to "hack Facebook and see nudes from your hot neighbor"


I tend to disagree, at least for many purposes. In the world of mega-apps (WeChat, Facebook, etc), do you really want these apps to be able to ask for or even require permissions like this?

In an older, kinder, gentler era of computing, if I granted a permission to an app [0], it was probably doing something with that permission that I wanted. Nowadays, not so much — apps are generally actively hostile to the user, and even apps that are friendly are frequently purchased by more or less malicious companies that turn them into malware.

[0] Yeah right. There were no permissions. And apps were mostly well behaved because they had no way to call home to the mothership.


> I tend to disagree, at least for many purposes. In the world of mega-apps (WeChat, Facebook, etc), do you really want these apps to be able to ask for or even require permissions like this?

Not really… I want to ban or break up/massively curtail the apps and/or their business models and aggressively police them so that that isn't a thing…


This isn't actually about filesystem permissions. ADB is a debugging tool that seems to have been used by certain applications. It shouldn't be required for any normal app functionality including storage access.

That said this is still a user hostile change. I will never purchase a device that blocks ADB since it's required for several useful things, often related to fixing or working around issues created by the vendors themselves.


This "feature" is what prevents my backup app backing up my WhatsApp photos.

It's not a feature I want. I want to enable this on demand.


In WhatsApp you can enable save photos and videos to your phone gallery and then any backup app can do backups. Google Photos and numerous other apps are able to back up WhatsApp photos.


Unfortunately rsync can't see the galleries populated by WhatsApp.

I basically paused my backup efforts until I have the energy to configure a harder to use system like syncthing or similar.


> It allows for apps to have almost free rein over the filesystem of other apps (read, write, modify), among other powerful capabilities

What went so wrong with personal computing that allowing an application to have access to the files on the device with the user's permission is now considered an unthinkable crime? Is the average smartphone user so clueless about the capabilities of their device beyond scrolling through tiktok that the use cases for this are beyond them?

It's because of people like you that I can't even load up an FTP app to back up the files on my Android phone to my PC anymore.


Here's the scenario in question. Your average person with a smartphone, who is not so technically inclined, downloads a game of some sort. The game upon first launch pops up a dialog which says "to provide you with the best experience, we need to clean up temporary files on your device, when prompted by the dialog (screenshot of system dialog), please press 'OK'." The user is then presented with the relatively scary system dialog which says "Allow this app to use system debugging features?", which they have seen 100 times and never understood, and decides that this time they will press 'OK'. The game then proceeds to send all of their photos to a malicious actor for whatever purposes.

The average person simply isn't cognizant of the dire security and privacy consequences of many of the things that they do when interacting with a computer.

Note that I am NOT advocating for the removal of ADB. As an Android developer, I once used adb on a daily basis. I also love the idea of using adb to ftp my filesystem to my local machine for the sake of backups and whatever other useful purposes. In the case of the FireTV, I believe that if the device is put into developer mode, ADB can still be accessed over a USB cable. I think this is great, and necessary for development and other use cases.

The point here is about making a system less likely to cause incomprehensible harm to the average person. Android and iOS were an opportunity to rethink the security model of computing (for computers that most people carry with them and use every few minutes), and I think that's great.


I am not the average person. It's none of my business what the average person does. Just because the average person can't be trusted with something, doesn't mean I should have to suffer because of it.

Permission dialogs should be as informative as possible, sure, warn people that they're giving the app full access to their files if a permission is granted. If people still accept, then they accepted, it's their device and the device should respect their choice. It's not anyone else's responsibility to make that decision for them.


A sufficiently advanced user can still install something like LADB or shizuku or even a custom rom. This is extremely unnecessary to be a bundled OS permission.


> A sufficiently advanced user can still install something like LADB or shizuku or even a custom rom

Not without unlocking the bootloader (which can only be done on a few phones nowadays) and having to deal with getting locked out of a bunch of apps and functionalities as a result of Google's "security".


Let’s never blame the corporations hoovering all the data to carelessly resell it to marketers and who-knows-who. Instead let’s blame people on a forum.


Yes, I will blame people on a forum for falling for such a dumb trick. The corporations "hoovering all the data" (such as Google themselves) are the same ones providing you with a convenient "solution" to the problem they caused: restricting your own access over the devices you supposedly own.


Yeah, it’s amusing that the author simultaneously claims that (a) it’s a “core OS capability”; (b) it’s a developer debugging capability gated behind so many hoops that it can’t be abused (which is of course nonsense because even though each connection needs to be approved, the app allegedly only clearing other apps’ cache could be doing any number of evil things after the approval). These are incompatible claims.

You can fundamentally disagree with the Android security and isolation model, but if you were okay with it before this update, then the arguments presented are just an incoherent mess.





