Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>It allows for apps to have almost free reign over the filesystem of other apps (read, write, modify), among other powerful capabilities

What went so wrong with personal computing that allowing an application to have access to the files on the device with the user's permission is now considered an unthinkable crime? Is the average smartphone user so clueless about the capabilities of their device beyond scrolling through tiktok that the use cases for this are beyond them?

It's because of people like you that I can't even load up an FTP app to backup the files on my android phone to my PC anymore.



Here's the scenario in question. Your average person with a smartphone, who is not so technically inclined, downloads a game of some sort. The game upon first launch pops up a dialog which says "to provide you with the best experience, we need to clean up temporary files on your device, when prompted by the dialog (screenshot of system dialog), please press 'OK'." The user is then presented with the relatively scary system dialog which says "Allow this app to use system debugging features?", which they have seen 100 times and never understood, decides that this time they will press 'OK'. The game then proceeds to send all of their photos to a malicious actor for whatever purposes.

The average person simply isn't cognizant of the dire security and privacy consequences of many of the things that they do when interacting with a computer.

Note that I am NOT advocated for the removal of ADB. As an Android developer, I once used adb on a daily basis. I also love the idea of using adb to ftp my filesystem to my local machine for the sake of backups and whatever other useful purposes. In the case of the FireTV, I believe that if the device is put into developer mode, ADB can still be accessed over a USB cable. I think this great, and necessary for development and other use cases.

The point here is about making a system less likely to cause incomprehensible harm to the average person. Android and iOS were an opportunity to rethink the security model of computing (for computers that most people carry with them and use every few minutes), and I think that's great.


I am not the average person. It's none of my business what the average person does. Just because the average person can't be trusted with something, doesn't mean I should have to suffer because of it.

Permission dialogs should be as informative as possible, sure, warn people that they're giving the app full access to their files if a permission is granted. If people still accept, then they accepted, it's their device and the device should respect their choice. It's not anyone else's responsibility to make that decision for them.


A sufficiently advanced user can still install something like LADB or shizuku or even a custom rom. This is extremely unnecessary to be a bundled OS permission.


> A sufficiently advanced user can still install something like LADB or shizuku or even a custom rom

Not without unlocking the bootloader (which can only be done on a few phones nowadays) and having to deal with getting locked out of a bunch of apps and functionalities as a result of Google's "security".


Let’s never blame the corporations hoovering all the data to carelessly resell it to marketers and who-knows-who. Instead let’s blame people on a forum.


Yes, I will blame people on a forum for falling for such a dumb trick. The corporations "hoovering all the data" (such as Google themselves) are the same ones providing you with a convenient "solution" to the problem they caused: restricting your own access over the devices you supposedly own.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: