Comment by sterlind
21 days ago
so? pop up a permission prompt. have the user confirm.
and isn't it immediately apparent that the app is leaking data if your calculator is popping a webview?
21 days ago
so? pop up a permission prompt. have the user confirm.
and isn't it immediately apparent that the app is leaking data if your calculator is popping a webview?
"Pop up a permission prompt every single time an app links out to a browser" is not going to be a thing that users like.
Yes, this is a little suspicious. But you just have the evil page redirect to google.com or something benign. To the user it looks like "huh, chrome just opened on its own."
> "Pop up a permission prompt every single time an app links out to a browser" is not going to be a thing that users like.
Calculator.apk wants to open the web page https://eviltracker.example.com. Allow this time? Allow for 24 hours? Allow and don't ask me again?
Do we show this annoying popup (that the large majority of the time will be benign and just aggravate users) for all apps, or just those that don't request the internet permission?
Doing this for all apps would be wild. Doing this just for those that don't request the internet permission just encourages more apps to request it (it is basically universally used anyway). "Huh, why does my calculator need internet" has never actually been effective at helping people avoid malware at any meaningful scale.
1 reply →