Thursday, September 19, 2013

Android security and permissions can be improved

Declaration of Love

Let me start by saying I love Android, I really do. As someone who uses it every day, I am constantly thinking about how I could improve on Android.

A little ranting

I believe there are some things about Android permissions and security that can be improved.
When it comes to permissions, I have on occasion avoided installing an application because I could not understand why it would need a specific permission. If there were more information about, and more control over, an application's use of permissions, I would be more likely to try an application.

How do we improve the information? 

When you install an application you are presented with the list of permissions from its manifest and you have to decide whether to continue with the installation or update. If the manifest had an optional description attribute stating why each permission is needed, and that description were displayed next to the permission, it would be a lot easier for the user to make a choice than hunting for an explanation somewhere else. The description is still only the developer's claim, but a claim shown at the point of decision is something the user can at least judge for plausibility.

How do we improve control? 

I would like to be able to set a default for each kind of permission, chosen from Allow Always, Prevent Always and Prompt, and then override that default per application.
If the effective setting is Prompt and the application tries to use the permission, the system would show a dialog asking for permission and displaying the description from the manifest, with the options Allow, Prevent, Allow Always and Prevent Always; the "Always" answers would be stored as a per-application override so the dialog is not shown again.
This way I can decide at the moment of use whether this is something I want to allow, and whether the application was truthful in its request for the permission.
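To make the precedence of these settings concrete, here is a small model of the proposed control scheme. It is an added example, not code from this post or from Android itself: the permission strings are real Android permission names, but the Policy type, the application package names and the dialog callback are assumptions used for illustration. A per-application override beats the default, an unconfigured permission falls back to Prompt rather than being granted by omission, and only the "Always" answers persist.

```go
package main

import "fmt"

// Decision is a user-settable policy for one permission, used both as the
// system-wide default for that permission and as a per-application override.
type Decision int

const (
	Prompt        Decision = iota // ask the user when the application uses the permission
	AllowAlways                   // grant without asking
	PreventAlways                 // deny without asking
)

func (d Decision) String() string {
	return [...]string{"Prompt", "AllowAlways", "PreventAlways"}[d]
}

// PromptAnswer is what the user picks in the run-time dialog.
type PromptAnswer int

const (
	Allow           PromptAnswer = iota // allow this one use only
	Prevent                             // deny this one use only
	RememberAllow                       // allow and store AllowAlways for this app
	RememberPrevent                     // deny and store PreventAlways for this app
)

// Policy holds the defaults and the per-application overrides (hypothetical type).
type Policy struct {
	defaults  map[string]Decision            // permission -> default
	overrides map[string]map[string]Decision // app -> permission -> override
}

func NewPolicy() *Policy {
	return &Policy{defaults: map[string]Decision{}, overrides: map[string]map[string]Decision{}}
}

func (p *Policy) SetDefault(perm string, d Decision) { p.defaults[perm] = d }

func (p *Policy) SetOverride(app, perm string, d Decision) {
	if p.overrides[app] == nil {
		p.overrides[app] = map[string]Decision{}
	}
	p.overrides[app][perm] = d
}

// Resolve returns the effective decision for app using perm: a per-app override
// wins over the default, and a permission with no policy at all falls back to
// Prompt so that nothing is granted silently by omission.
func (p *Policy) Resolve(app, perm string) Decision {
	if d, ok := p.overrides[app][perm]; ok {
		return d
	}
	if d, ok := p.defaults[perm]; ok {
		return d
	}
	return Prompt
}

// Check is what the system would run when app tries to use perm. The dialog
// (ask) is only shown when the effective decision is Prompt; it is given the
// manifest description so the user can judge whether the stated reason fits
// what the application is doing. A "remember" answer becomes a per-app override.
func (p *Policy) Check(app, perm, description string,
	ask func(app, perm, description string) PromptAnswer) bool {
	switch p.Resolve(app, perm) {
	case AllowAlways:
		return true
	case PreventAlways:
		return false
	}
	switch ask(app, perm, description) {
	case Allow:
		return true
	case RememberAllow:
		p.SetOverride(app, perm, AllowAlways)
		return true
	case RememberPrevent:
		p.SetOverride(app, perm, PreventAlways)
		return false
	default: // Prevent, or anything unexpected, denies this use only
		return false
	}
}

func main() {
	p := NewPolicy()
	p.SetDefault("android.permission.SEND_SMS", PreventAlways)
	p.SetDefault("android.permission.READ_CONTACTS", Prompt)
	p.SetOverride("com.example.mail", "android.permission.READ_CONTACTS", AllowAlways)

	// Stand-in for the dialog: prints what the user would see and answers "Allow Always".
	dialog := func(app, perm, desc string) PromptAnswer {
		fmt.Printf("%s wants %s: %q\n", app, perm, desc)
		return RememberAllow
	}
	fmt.Println(p.Check("com.example.mail", "android.permission.READ_CONTACTS", "to suggest recipients", dialog)) // true, no dialog
	fmt.Println(p.Check("com.example.game", "android.permission.SEND_SMS", "to invite friends", dialog))           // false, no dialog
	fmt.Println(p.Check("com.example.game", "android.permission.READ_CONTACTS", "to find friends", dialog))        // dialog shown, then true
	fmt.Println(p.Resolve("com.example.game", "android.permission.READ_CONTACTS"))                                 // AllowAlways (remembered)
}
```

The one-shot Allow and Prevent answers deliberately leave no trace, so an application that was granted a permission once for a plausible reason has to ask again the next time; only the user, not the application, can turn that into a standing grant.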

How do we improve installation security? 

The only current secure installation option I know of is the Play Store. I believe we need a mechanism where an enterprise can publish a descriptor/key to be installed on the device which will allow the device to trust a store hosted by the enterprise. This would allow an organisation to provision applications to a limited audience from its own repository without requiring 'Unknown Sources'. The descriptor itself has to be provisioned through a trusted channel, such as by an administrator, because whoever can add a store key to the device can install anything they like.
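One way such a mechanism could work, shown here as an added example and not as anything Android provides: the enterprise publishes an Ed25519 public key as its store descriptor, an administrator provisions that descriptor on the device, and every APK the store serves comes with a package descriptor (store name, package name, version and APK hash) signed by the enterprise key. The installer then accepts the package only if the signature verifies under a provisioned key and the downloaded bytes match the signed hash. The store and package names, the descriptor format, and the Device and PackageDescriptor types are assumptions for illustration; the APK bytes are a constructed stand-in.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// StoreDescriptor is what the administrator provisions on the device: a name
// for the enterprise store and the public key its package descriptors are signed with.
type StoreDescriptor struct {
	Name      string
	PublicKey ed25519.PublicKey
}

// PackageDescriptor travels with each APK the store serves. The enterprise signs
// the canonical form of (Store, Package, Version, APKSHA256) with its private key.
type PackageDescriptor struct {
	Store     string
	Package   string
	Version   int
	APKSHA256 string // hex-encoded SHA-256 of the APK bytes
	Signature []byte
}

func (d PackageDescriptor) canonical() []byte {
	return []byte(strings.Join([]string{d.Store, d.Package, fmt.Sprint(d.Version), d.APKSHA256}, "\n"))
}

// GenerateStoreKey creates the enterprise signing key pair; the public half is
// published to devices, the private half stays on the publishing host.
func GenerateStoreKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only fails if the OS random source is unavailable
	}
	return pub, priv
}

// SignPackage runs on the enterprise side when an APK is published.
func SignPackage(priv ed25519.PrivateKey, store, pkg string, version int, apk []byte) PackageDescriptor {
	sum := sha256.Sum256(apk)
	d := PackageDescriptor{Store: store, Package: pkg, Version: version, APKSHA256: hex.EncodeToString(sum[:])}
	d.Signature = ed25519.Sign(priv, d.canonical())
	return d
}

var (
	ErrUnknownStore = errors.New("store is not provisioned on this device")
	ErrBadSignature = errors.New("package descriptor signature does not verify")
	ErrHashMismatch = errors.New("APK bytes do not match the signed descriptor")
)

// Device keeps the store descriptors an administrator has provisioned.
type Device struct {
	trusted map[string]StoreDescriptor
}

func (dev *Device) TrustStore(sd StoreDescriptor) {
	if dev.trusted == nil {
		dev.trusted = map[string]StoreDescriptor{}
	}
	dev.trusted[sd.Name] = sd
}

// VerifyInstall is the check the installer would run instead of asking the user
// to enable "Unknown Sources": the descriptor must verify under the key of a
// provisioned store, and the APK actually downloaded must match the signed hash.
func (dev *Device) VerifyInstall(d PackageDescriptor, apk []byte) error {
	sd, ok := dev.trusted[d.Store]
	if !ok {
		return ErrUnknownStore
	}
	if !ed25519.Verify(sd.PublicKey, d.canonical(), d.Signature) {
		return ErrBadSignature
	}
	sum := sha256.Sum256(apk)
	if hex.EncodeToString(sum[:]) != d.APKSHA256 {
		return ErrHashMismatch
	}
	return nil
}

func main() {
	pub, priv := GenerateStoreKey()
	dev := &Device{}
	dev.TrustStore(StoreDescriptor{Name: "corp-store", PublicKey: pub}) // done by the administrator

	apk := []byte("constructed stand-in for the bytes of expenses-v3.apk")
	desc := SignPackage(priv, "corp-store", "com.corp.expenses", 3, apk) // done by the enterprise

	tampered := append(append([]byte(nil), apk...), 'x')
	fmt.Println(dev.VerifyInstall(desc, apk))      // <nil>: install proceeds
	fmt.Println(dev.VerifyInstall(desc, tampered)) // hash mismatch: download was altered
	desc.Version = 4
	fmt.Println(dev.VerifyInstall(desc, apk)) // bad signature: descriptor was edited
}
```

Binding the hash into the signed descriptor is what lets the device trust a download over any channel: a proxy between device and store can swap the APK or the descriptor, but not produce a descriptor that verifies under the provisioned key.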

And finally...

I believe these enhancements would not require an enormous amount of work. With sensible defaults the user experience should be excellent and intuitive. I really think these improvements will allow wider adoption of Android within corporate environments and improve the visibility users need to make sensible decisions regarding application permissions.