this post was submitted on 03 Aug 2023
60 points (84.9% liked)
Lemmy
12641 readers
3 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The permissions framework is a lot more than just claiming Google wants tracking all to itself. That's conspiracy level shit. The permissions framework has undergone immense changes from earlier ones from small things like giving an app an approximate location instead of detailed to also allowing permissions to be given at the time it's needed and to require asking every time. Did you even use older android? All the permissions were from the get-go and you had no idea how it was being used. Permissions are so much nicer and the sandboxing has evolved. Your understanding of permission changes is extremely naive and simple. Applications are much safer now than on earlier android. This is objective truth.
Compatibility mode basically means the runtime being used is a different one and any vulnerabilities that existed in that mode (not every one obviously) is now introduced. It's why Windows XP compatibility mode requires admin rights because it's entire authorization scheme was different and apps in that mode can do things that normally require elevated privileges. Microsoft recommends updating apps to not require compatibility mode for these very reasons. Even just the threat model alone is expanded due to the increased attack surface. I'm tired of developers who can't take security seriously.
I did use older Android, and I agree that the new permission model is absolutely much better for the use case of running apps that you do not trust or even like. I can scan a coupon with the camera today without having to worry that the store's app is going to be taking pictures of me tomorrow.
But that's hardly any of what I use my phone for. So I pay a lot of the costs of more hoops to jump through to allow stuff I actually want, while not really getting much of the benefit of being able to use malicious applications relatively safely.
And the one time I had a real permission problem, it was Snapchat trying to bully me into giving it access to all my files so it could "detect screenshots" before it would let me talk to my friends. And Android permissions were no help there, because the app can still tell if I reject its requests and won't get booted from the store for refusing to work until I grant access to everything, even though I do not want to.
The whole system seems to me to be designed to make people feel like their privacy is being protected, by popping up all the time to say that unused permissions have been removed and hey look at all these privacy options you have. It does indeed stop people from spying on your location and camera all the time without you noticing. But while the little permanent green dot is flashing every five minutes when your location is sent to Home Assistant like you explicitly asked, and you are trying to decide if you want to let Zoom use Bluetooth headsets just right now or on an ongoing basis, Google is hoping you don't notice that the OS and most of the apps are designed to extract value from you rather than to serve your interests.
It's now safer to run the evil apps, but they're still there trying to do evil.
I, uh, think your point is getting away from you here though, yeah? You can argue about the real intent (and we can pick and choose whatever OS you want), but the fact of the matter is OSes update for legitimate reasons and allowing older apps to run is expensive and/or insecure. App development does not and should never stop. Even Linux is patching vulnerabilities constantly. And new features do occur. Buying an app once is outdated in the connected age.
I understand that keeping backward compatibility forever isn't worth it. But I think it should be kept for longer than it is now.
That's expensive. Increases the attack surface. Degrades performance by requiring more overhead. Bloats the size of the OS. Sure, you can care about backwards compatibility over all of that. But apps will likely continually get developed regardless of backwards compatibility. So there's still cost.
Again. I'm afraid you lost your point somewhere. Development rarely is ever completed. If it's truly "completed" then it's an extremely simple app with no real value and probably not worth anything. If it has value and isn't simple, then it can always be improved. So hosting isn't the only reason for ongoing payment. Continued development is extremely legitimate. Is it possible someone might abuse it? Sure. But software development never stops. It will always go into sustainment after release and when sustainment is over, the app is retired.