Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: "R.Wieser" <address@is.invalid>
Newsgroups: comp.mobile.android
Subject: Re: Android keyboard: your choice.
Date: Fri, 21 Jun 2024 11:14:01 +0200
Organization: A noiseless patient Spider
Lines: 55
Message-ID: <v53gbe$33j85$2@dont-email.me>
References: <20240617114559.a2970ac2923facc44a2ec355@gmail.com> <v4ov83$j5oj$1@dont-email.me> <v4sojj$1gqik$1@dont-email.me> <lde8tqF9a76U1@mid.individual.net> <v4tkrl$1bpq$1@nnrp.usenet.blueworldhosting.com> <v4u0gu$1rom7$2@dont-email.me> <ldia57Frps7U7@mid.individual.net> <v51gfu$2kg3e$2@dont-email.me> <ldj2atFs5uU2@mid.individual.net>
Injection-Date: Fri, 21 Jun 2024 11:15:27 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="feb5a5d2e22200e8e785bac44e28606b";
	logging-data="3263749"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19oMFLWwv4D6UfTQQoTBAYNV5OooOpkRrN7Skq4FQWDJQ=="
Cancel-Lock: sha1:UZpnXYrIJd6VD5A7TqXsoVPAzTs=
X-Priority: 3
X-Newsreader: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-RFC2646: Format=Flowed; Original
X-MSMail-Priority: Normal
Bytes: 3242

Arno,

> An app *must* contain the permission request in the manifest,
> regardless if it actually uses it or not.

I take that as "regardless if it *directly* uses it or not."

But do you recognise that way of doing stuff might be problematic ?   If you
lend your phone to someone a friend or your kid(s) get a hold of it (wanting
to play a game perhaps) they might cause the permission to be asked for, and
than it won't be you answering the question.

Time will tell if my phone uses the same "late binding" mechanism.  I hope
not though.

> It will only access contact data, when you enable the setting for it in
> the app, otherwise not.

:-) You talk as if you are smart enough, but at the same time you seem to
blindly trust an apps honesty in obeying a setting it manages it itself.
I don't.

.... and the phone-OS makers don't either, proven by the existence of an
OS-enforced "permissions firewall".

> Also see the options in the app - "Suggest Contact names" is a good
> hint what the permission for contact reading is used for.

You're sounding rather gullible there.  :-(

They *tell you* that they will /just/ take the contact names, and leave
everything else (you know, phone numbers, adresses, etc.) alone, and you
believe them ?   Again, I don't.

Its not about what they /tell you/ what they are going to do, its about
*whats possible* they could do.

Also, there is a reason why some phone OS-es offer you to provide apps
asking for such a permission a fake list.

> Better than just assuming that the app does not respect your privacy just
> because of an *optional* permission.

You sound like you will have no problem with handing off your wallet
(containing money, bank cards and passport) to a random stranger when he
asks for it.

What ?  You would not trust a random stranger like that ?  But you still
expect me to (blindly) trust a random app ?  Really ?

Regards,
Rudy Wieser