Friday, January 6, 2012

How Would You Change App Store/Market Permission Models?

In a shift from my normal informational type posts, today I'm interested in starting a discussion on the topic of App Markets/Stores.

Apple has a more rigid review process and a slower time to market for Apps.  Google allows apps quickly to market and relies on the visibility of requested permissions and shifts security decisions to the users. (Very basic descriptions, there are many more moving parts)

Which model is working better? If you could make changes to either model, what would you change?

Interested in thoughts and ideas.



-Michael Coates - @_mwc

5 comments:

  1. Looks like the conversation is happening on twitter. Feel free to post ideas here or jump in on twitter. I'm @_mwc and using #AppModels

    ReplyDelete
  2. I don't really twitter much these days and don't know what was said.

    My opinion is that app stores are moving targets right now. Nothing is carved in stone.

    The near-immediate future of app stores is total decentralization, where in-app "stores", in-app payments, and in-app functionality changes daily, or sometimes 3 times daily.

    ReplyDelete
  3. There are some interesting observations on this question as comments to my recent blog post on the subject:

    http://blog.gerv.net/2012/01/malware-in-software-ecosystems/#comments

    ReplyDelete
  4. I enjoy the android method, although i understand that i'm a very fluent user of information systems...knowledgeable and tuned for security. i read the permissions every time, and because i've rooted my phone, i'm able to remove permissions i see as not needed by the app.

    for example: the Music Junk app on the SlideMe market requests permissions for - coarse and fine LOCATION, phone state and identity, vibrator control, auto start at BOOT, change GLOBAL SYSTEM settings, RECORD AUDIO, READ BROWSER history, WRITE BROWSER history, READ CONTACT data, WRITE CONTACT data.

    un...real. those are just the ones i have a problem with, the other few are harmless and actually required by the app - with all of those above removed, it still works perfectly.

    Tunee Music on Android Market, again requests more permissions than required...not as much, but still suspicious. awareness needs to be raised on permissions to protect users...maybe even a popup saying "HEY!! ARE YOU REALLY SURE?!"

    ReplyDelete
    Replies
    1. Totally agree. The permissions model is broken security for normal users (i.e., me). When I install an app, I just click "OK" every time - I just want to use the app. I'll uninstall it if I think it's malware.

      Delete

Note: Only a member of this blog may post a comment.