Not sure I agree with your sentiment with regard to how you are saying it.
Millions upon millions have trusted facebook with login.. and google with
checkout and paypal, etc. Not sure why they wouldn't trust their own
device's capabilities to prevent apps from using their username/password..
it's not asking for that.. and maybe I don't understand OAuth very
well..but I thought one of it's purposes was to provide tokens that are
limited in time and/or use, and/or at least protect end users by not
providing full access to all their information. Furthermore, from what I
can tell, the token I get to access mail only allows me to access mail, not
other accounts. I am new to this so maybe it does allow for more.. but then
like I said, if an app abuses it, I would hope the voting system, and if
need be google removing it stop it short of being too destructive. I do
agree though that users should be cautious, and that is why at least for
me, providing information that explains why the permissions are needed at
least allows end users to decide if they want to make use of the feature of
my app. In my case, it's one of several things my app will do, and end
users can choose to authorize my app to use their token, or end up using
the external email client. The latter case will be more cumbersome because
of all the typing/touching involved to find email addresses (or enter them
completely), but it would be an option if they do not trust my app to send
out emails on their behalf.


On Sun, Jan 6, 2013 at 5:40 PM, Nikolay Elenkov
<[email protected]>wrote:

> On Mon, Jan 7, 2013 at 7:24 AM, Kevin Duffey <[email protected]> wrote:
> >
> > Nikolay.. not sure why you made that comment?
>
> Because you said you are worried whether this is allowed.
>
> > While I can understand that
> > authorizing an app to use some of your information is not for everyone..
> I
> > believe part of why AccountManager is part of the Android APIs is to
> ensure
> > that a person's info is secure and an app can only access tokens of some
> > sort that could not be abused by an app...
>
> APIs for sending SMS and reading your contacts are also part of the API,
> but that doesn't mean it's OK to send messages to premium numbers or
> spy on your users. If you can read and send email with someone's account
> you can reset their password(s) for other sites and gain access to what
> not,
> that's why it's somewhat sensitive. The platform will try to make sure the
> user knows what's happening, but can't really prevent abuse by a
> potentially
> malicious app in every possible case (not saying your app is malicious).
>
> It's your app, so you can't really say 'Android allows (whatever) so
> it's not my
> fault'. Whether or not you need a full-blown privacy policy/EULA/other
> scary
> legal document or just a simple confirmation dialog is for you to decide.
>
> --
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To post to this group, send email to [email protected]
> To unsubscribe from this group, send email to
> [email protected]
> For more options, visit this group at
> http://groups.google.com/group/android-developers?hl=en
>

-- 
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Reply via email to