You are significantly under-stating what you can do with the ability to take a screenshot at any time. This basically lets you see whatever the user is doing. For example it would be quite feasible to wait until you determine the user is needing to enter their password and start taking screenshots at that point to determine what they enter.
You will notice there is no permission for "get the user's password." Nor in fact one for "get the user's bank account" etc. Also just throwing some feature behind a permission is not a magical solution. We actually rely on permissions too much, and are trying to reduce that through other security techniques. And for the cases where we do use permissions, the less clear a permission is about what it actually implies then the less useful it is. From that perspective, "read your contacts" is *far* more useful as a permission than "take screenshots (oh btw this means the app could get any data you display on the screen and figure out things like your password)." Put another way -- many more users upon being confronted with "this app can read your contacts" will understand what that means and be able to make a good judgement about whether they think this is okay with them, than they will be able to evaluate a "take screenshots" permission. If/when we do have an API for an application to take a screenshot, this will probably be something along the lines of making a request for the screenshot, resulting in the system taking the screenshot and showing it to the user for them to confirm they want it given to the app before it is actually returned. Finally, as far as a launcher app needing "nearly every permission" -- the platform's standard launcher needs: call phone, read contacts, set wallpaper, vibrate, write settings. If you are finding a launcher app that needs a wall full of permissions, I would suggest re-considering whether you actually want to install that app. They are definitely not necessary. (And honestly, we really should fix things so the lancher doesn't need call phone or read contacts either.) On Sun, Jun 12, 2011 at 8:12 PM, rich friedel <rich.frie...@gmail.com>wrote: > I agree that an app taking a screenshot of extremely private information is > a high security risk. However, how is that any different than allowing an > application access to my contacts, browser, phone state, etc... As an > example take LauncherPro, because it is a complete launcher it requires > nearly every permission available. I can only trust that the dev isn't > stealing all my information. > > Often times, that line of reasoning is tossed about due to legitimate > security concerns. You are certainly welcome to disagree with those > concerns, of course. > > I am real big on security. I have to say though that for the screenshot > issue, I don't see how it is any different than any other app that has > access to my personal information. Like I said make it a requirement to add > the permission. Just like any other app, it is up to the user to > discriminate against any potential nefarious app by reading those > permissions. > > Similarly, you are welcome to your opinion regarding the efficacy of > the permission system for preventing users from malware. > > Again, there are many many apps that require worse permissions than a > screenshot. > > Finally, if it was truly as high a risk as is said, I would assume > (not guarantee though) that with all the rooted devices, various mods and > screenshot apps that are out there and running that anything bad would have > surely at least peeked its ugly head by now. > > -- > You received this message because you are subscribed to the Google > Groups "Android Developers" group. > To post to this group, send email to android-developers@googlegroups.com > To unsubscribe from this group, send email to > android-developers+unsubscr...@googlegroups.com > For more options, visit this group at > http://groups.google.com/group/android-developers?hl=en > -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
