← Back to context

Comment by kstrauser

7 months ago

We both know that first bit is a strawman, so we can move past it.

From the description of the people who wrote these apps, there are 2 basic APIs at play:

1. Get access to the entire drive.

2. Ask for permission to individual files.

I would have assumed there was a middle ground like asking for permission to a specific folder's contents, yet those same devs insist that's not the case. iA Writer users want to edit everything inside a folder. Syncthing users want to sync an entire folder. Transmit users want to select upload/download to/from an entire folder. If Google made those APIs available then we wouldn't be having this conversation.

5 comments

kstrauser

Reply
ants_everywhere  7 months ago

> We both know that first bit is a strawman, so we can move past it.

Privacy and security are literally the reasons for these APIs. I don't see how you could possibly call that a strawman.

> I would have assumed there was a middle ground like asking for permission to a specific folder's contents,

Isn't that what OPEN_DOCUMENT_TREE does? https://developer.android.com/reference/android/content/Inte...

  • kstrauser  7 months ago

    You're right; my bad. What you said was:

    > I guess I'm a bit at a loss about why these app developers feel they need access to things like medical records stored on the work phone of everybody at your doctor's office.

    ...which isn't a strawman. It's begging the question by presuming that authors actually feel such a need. I'm fairly certain the devs involved do not want or care about accessing medical records.

    As to OPEN_DOCUMENT_TREE, to my naive eyes that's what it looks like to me, too. That said, I'm confident that the devs we've discussed here, particularly the ones who sell the related apps for their livelihood, are clever enough to read the docs and that they've ruled it out for some reason. I certainly don't think the Syncthing team is too incompetent to use a documented method if it magically did the right thing.

    • iptrz6  7 months ago

      That's exactly what OPEN_DOCUMENT_TREE does. The typical workflow involves presenting a directory picker activity to the user and asking them to pick a dir (the app can then retroactively ask the OS to persist these permissions across restarts.)

      However: - You can't pick the root of a storage volume, only its subdirectories. This is presumably for your own good. - The application is still forced to use the SAF APIs, which are slow (each call requires an IPC) and overcomplicated. For working with multiple files, directory listings, etc, naive use of SAF can be a couple orders of magnitude slower than standard File APIs. This can be sped up, but it's never going to be anywhere close to native speed.

      1 reply →

    • ants_everywhere  7 months ago

      > . It's begging the question by presuming that authors actually feel such a need. I'm fairly certain the devs involved do not want or care about accessing medical records.

      iA -- one of the cases you mention -- balked at needing a standardized security assessment to access the full Google Drive.

      > In order to get our users full access to their Google Drive on their devices, we now needed to pass a yearly CASA (Cloud Application Security Assessment) audit.

      https://ia.net/topics/our-android-app-is-frozen-in-carbonite

      Googe Drive as part of Workspace is HIPAA compliant (https://support.google.com/a/answer/3407054?hl=en), meaning medical offices can and do host medical records on Drive. It's not mentioned in the article why iA needs access to all files on a HIPAA compliant service.

      Workspace is also (at least partially) FedRAMP compliant (https://support.google.com/a/answer/13190816?hl=en). So similar questions arise as to whether iA needs to access federal data.