Thursday, February 10, 2011

No Permission

Recently I was reviewing the permissions on the new market website site. When I read the following, I thought WTF?

Act As An Account Authenticator
Allows an application to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.
Use The Authentication Credentials Of An Account
Allows an application to request authentication tokens.
Manage The Accounts List
Allows an application to perform operations like adding, and removing accounts and deleting their password.
 The 1st and 3rd permissions sound pretty scary and I wasn't sure why they were there. At one time, I considered automatically creating a "Todo Q" calendar in the user's google calendar, so that could be the reason. Anyway, I pulled both. Todo Q will still request a token for the "send to friend" feature. Send to Friend allows you to send tasks to another Todo Q user or anyone using SMS.

Following is a screenshot of the requested  permissions in v2.0.2. Todo Q doesn't actually send e-mail, so I'll have to check on that one. It accesses the calendar for import and "add to calendar" functions. It accesses your contacts in order associate a contact to a task and use their address for the location. The SD card is for backups, and the SMS permission is the other half of "send to friend".

We need a way to pick & choose permissions at install and/or runtime. I could easily turn off features if the user didn't want to grant permission.

Todo Q v2.0.2 removes the two unused permissions and is only $1.99 on the android market.


No comments:

Post a Comment