or Connect
AppleInsider › Forums › Mobile › iPhone › Inside App Extensions: Apple, Inc's new Widgets & Keyboards similar to Android's, but secure
New Posts  All Forums:Forum Nav:

Inside App Extensions: Apple, Inc's new Widgets & Keyboards similar to Android's, but secure - Page 2

post #41 of 66
Quote:
Originally Posted by Corrections View Post
Really, pick a new god, as Google is simply a joke at this point. 

 

Ooookay then, I think we're done here.  Glad to see this has ended up as pointless as every other conversation we've had.  :rolleyes:

 

Quote:
Originally Posted by Benjamin Frost View Post

I think that that permissions window is equally bad. What does 'uses account' mean? Are you handing over your account password, your name, your address, your phone number or what?

 

Here ya go, straight from the horses mouth.

 

https://support.google.com/googleplay/answer/6014972?p=app_permissions

post #42 of 66
Quote:
Originally Posted by DroidFTW View Post

Quote:
Originally Posted by Corrections View Post

Really, pick a new god, as Google is simply a joke at this point. 

Ooookay then, I think we're done here.  Glad to see this has ended up as pointless as every other conversation we've had.  1rolleyes.gif
Quote:
Originally Posted by Benjamin Frost View Post

I think that that permissions window is equally bad. What does 'uses account' mean? Are you handing over your account password, your name, your address, your phone number or what?

Here ya go, straight from the horses mouth.

https://support.google.com/googleplay/answer/6014972?p=app_permissions

From Google:

An app can use your account and/or profile information on your device.

Identity access may include the ability to:

Find accounts on the device
Read your own contact card (example: name and contact information)
Modify your own contact card
Add or remove accounts

Why would anyone want to give an app permission to add or remove accounts?

Incredible!
“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #43 of 66
Quote:
Originally Posted by Benjamin Frost View Post

Why would anyone want to give an app permission to add or remove accounts?

 

Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

post #44 of 66
Quote:
Originally Posted by Benjamin Frost View Post


From Google:

Add or remove accounts

Why would anyone want to give an app permission to add or remove accounts?

Incredible!

THAT has to be the most stupidly worded info on app permissions I've ever seen.
Quote:
Originally Posted by DroidFTW View Post

Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.
post #45 of 66
Quote:
Originally Posted by DroidFTW View Post

Quote:
Originally Posted by Benjamin Frost View Post

Why would anyone want to give an app permission to add or remove accounts?

Example, I am okay with the Dropbox app adding or removing a Dropbox account from my phone.

No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.
“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #46 of 66

Quote:

Originally Posted by PhilBoogie View Post


THAT has to be the most stupidly worded info on app permissions I've ever seen.
To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.

 

If you try to create a second Dropbox account on a device that has one already you will get denied.  You have to remove the existing account first in order to create a different one.

 

Quote:
Originally Posted by Benjamin Frost View Post


No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.

 

You would presume wrong.  Here's a screenshot from my phone if that helps.  It shows a few accounts that are setup on my phone, including Dropbox.

 


Edited by DroidFTW - 7/9/14 at 5:36am
post #47 of 66
Quote:
Originally Posted by DroidFTW View Post
 

Quote:

Originally Posted by PhilBoogie View Post


THAT has to be the most stupidly worded info on app permissions I've ever seen.
To me, that's not a logical answer. Does this mean that when Dropbox sees someone created a 2nd account from the same IP address they'll delete the old one? Or deny the 2nd one? WTF? This cannot be an answer on any level of stupidity. Not you sir, the "Add or remove accounts" statement from Google.

 

If you try to create a second Dropbox account on a device that has one already you will get denied.  You have to remove the existing account first in order to create a different one.

 

Quote:
Originally Posted by Benjamin Frost View Post


No. I would presume it means your main user account. This is a generic phone setting, not a specific app setting. It's extremely badly worded, as are the other permission settings.

 

You would presume wrong.  Here's a screenshot from my phone if that helps.  It shows a few accounts that are setup on my phone, including Dropbox.

 

 

 

You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #48 of 66
Quote:
Originally Posted by Benjamin Frost View Post

You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

I agree; this is completely not a complete answer, just like Android:

Identity access may include the ability to:

Find accounts on the device
Read your own contact card (example: name and contact information)
Modify your own contact card
Add or remove accounts

Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!
post #49 of 66
Quote:
Originally Posted by Benjamin Frost View Post
You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

 

I fail to see what's ambiguous and mystifying about saying that an app may add/remove accounts to describe the act of adding and removing accounts, but maybe it's just me.  In just this small thread we have you, who would prefer more detail, and Daniel, who finds the permission page so complicated that he feels that it reads like an EULA and requires an engineer or tech enthusiast to make sense of it.  Clearly there’s no way to appease everyone.

 

On your concern that the request could be talking about any account, let me paint a worst case scenario for you that will even include issues you hadn’t even thought to be concerned about!  Let’s say a malicious app made it thru Google’s vetting process (Bouncer) and made it into the Play Store.  Let’s also say that it’s not yet been detected as known malicious apps get removed quickly.  Let’s also say that the app presents itself as an app that would only like to read your contact card to get your name.  The fact that the add/remove accounts is included in the “Identity” section comes as a bonus and they can now use the API which lets them add/remove accounts without it ever being obvious to the end user.  Now let’s say that the app goes passes the second malware scanner performed by Google Play Services that happens when a user installs an app.  Now let’s say that the app has found a way to access memory on the device that the OS doesn’t allow (this is possible if the user has rooted their device).  Now let’s say that the app is able to acquire root access without SuperSU (a superuser access management tool) detecting that an app is requesting root access.

 

Still following?  I’ve now created the perfect storm of events that has to happen to lead up this moment.  I'm likely missing a security check or two, but let's say that the app was able to bypass those as well and now the havoc you’re concerned about can be realized.  The app removes my Dropbox account on my phone.  Mind you, this doesn’t affect the files or anything about my Dropbox account, it just means my phone can no longer access my Dropbox account until I set it back up again.  This imaginary malware that you’re concerned about has set the user back at least 90 seconds while they create the account again and log in to their Dropbox.  What has the developer of this malicious code accomplished?  They’ve served to annoy the end user, nothing more, nothing less.  They gained no valuable data and nothing of value was lost.

 

Quote:
Originally Posted by PhilBoogie View Post


I agree; this is completely not a complete answer, just like Android:

Identity access may include the ability to:

Find accounts on the device
Read your own contact card (example: name and contact information)
Modify your own contact card
Add or remove accounts


Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!

 

See my first paragraph in my response to Benjamin regarding levels of detail.  Google can't please everyone. 

 

As to your question, "What does "may include the ability to" mean?" that's referring to the fact that an app intends on using one or more of those listed items.  For example, an app may only want to read your name from your contact card without containing any code to provide the capability to modify it.

post #50 of 66
Quote:
Originally Posted by DroidFTW View Post

Quote:
You're completely missing the point. The wording is ambiguous and mystifying. The wording is not unique to the app; it can apply to any app. Therefore, account could mean anything.

I fail to see what's ambiguous and mystifying about saying that an app may add/remove accounts to describe the act of adding and removing accounts, but maybe it's just me.  In just this small thread we have you, who would prefer more detail, and Daniel, who finds the permission page so complicated that he feels that it reads like an EULA and requires an engineer or tech enthusiast to make sense of it.  Clearly there’s no way to appease everyone.

On your concern that the request could be talking about any account, let me paint a worst case scenario for you that will even include issues you hadn’t even thought to be concerned about!  Let’s say a malicious app made it thru Google’s vetting process (Bouncer) and made it into the Play Store.  Let’s also say that it’s not yet been detected as known malicious apps get removed quickly.  Let’s also say that the app presents itself as an app that would only like to read your contact card to get your name.  The fact that the add/remove accounts is included in the “Identity” section comes as a bonus and they can now use the API which lets them add/remove accounts without it ever being obvious to the end user.  Now let’s say that the app goes passes the second malware scanner performed by Google Play Services that happens when a user installs an app.  Now let’s say that the app has found a way to access memory on the device that the OS doesn’t allow (this is possible if the user has rooted their device).  Now let’s say that the app is able to acquire root access without SuperSU (a superuser access management tool) detecting that an app is requesting root access.

Still following?  I’ve now created the perfect storm of events that has to happen to lead up this moment.  I'm likely missing a security check or two, but let's say that the app was able to bypass those as well and now the havoc you’re concerned about can be realized.  The app removes my Dropbox account on my phone.  Mind you, this doesn’t affect the files or anything about my Dropbox account, it just means my phone can no longer access my Dropbox account until I set it back up again.  This imaginary malware that you’re concerned about has set the user back at least 90 seconds while they create the account again and log in to their Dropbox.  What has the developer of this malicious code accomplished?  They’ve served to annoy the end user, nothing more, nothing less.  They gained no valuable data and nothing of value was lost.
Quote:
Originally Posted by PhilBoogie View Post

I agree; this is completely not a complete answer, just like Android:

Identity access may include the ability to:


Find accounts on the device

Read your own contact card (example: name and contact information)

Modify your own contact card

Add or remove accounts



Utterly incomplete. Tells me nothing. What does "may include the ability to" mean? Gsus, what a moronic horse that is!

See my first paragraph in my response to Benjamin regarding levels of detail.  Google can't please everyone. 

As to your question, "What does "may include the ability to" mean?" that's referring to the fact that an app intends on using one or more of those listed items.  For example, an app may only want to read your name from your contact card without containing any code to provide the capability to modify it.

You're not looking at this through a layman's eyes, but through the eyes of a geek.

There is no way to grant permissions to modify accounts on an Apple device. If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

It's no good giving a long account of how no real harm can come to your Android phone. If Apple introduced such a shoddy permissions window, it would badly damage their reputation. Google can get away with it because they are held to a low standard.
“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #51 of 66
Quote:
Originally Posted by Benjamin Frost View Post

If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

 

Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

post #52 of 66
Originally Posted by DroidFTW View Post

Theyre two different operating systems

Originally posted by Marvin

Even if [the 5.5” iPhone exists], it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone exists], it doesn’t deserve to.
Reply
post #53 of 66
Quote:
Originally Posted by DroidFTW View Post

Quote:
Originally Posted by Benjamin Frost View Post

If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

You mean to say that you can't wipe an Android phone? Nice for thieves.
“I wasted time, and now doth time waste me.”
Reply
“I wasted time, and now doth time waste me.”
Reply
post #54 of 66
Quote:
Originally Posted by Benjamin Frost View Post

Quote:
Originally Posted by DroidFTW View Post

Quote:
Originally Posted by Benjamin Frost View Post

If someone owns just an iPhone, it's possible to delete their account on it, along with all the data.

Now that's scary!  No wonder you're so concerned for Android and its users, you're applying Apple's way of doing things to Android's way of doing things.  They're two different operating systems and should be treated as such.  Just because someone can wreak havoc on an iPhone by removing an account doesn't mean that same rule applies to Android.  Removing an account is a pretty harmless task on Android.  I was hoping my previous post would have cleared that up, but apparently it didn't.

You mean to say that you can't wipe an Android phone? Nice for thieves.
yes you can wipe an android phone you can also ad a second account so you have a device with two accounts if you so wish.
post #55 of 66
Quote:
Originally Posted by Benjamin Frost View Post

You mean to say that you can't wipe an Android phone? Nice for thieves.

 

I'm not sure how you read that from what I posted (I suspect you're trolling at this point), but you can absolutely wipe an Android phone by doing a factory reset.  However, on Android that is a completely separate task from removing an account.  They're not related at all.

post #56 of 66
Quote:
Originally Posted by singularity View Post

yes you can wipe an android phone you can also ad a second account so you have a device with two accounts if you so wish.

Quote:
Originally Posted by DroidFTW View Post

I'm not sure how you read that from what I posted (I suspect you're trolling at this point), but you can absolutely wipe an Android phone by doing a factory reset.  However, on Android that is a completely separate task from removing an account.  They're not related at all.

I guess you haven't read this.

http://www.cnet.com/news/android-phone-wiping-fails-to-delete-personal-data/
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #57 of 66
Quote:
Originally Posted by dasanman69 View Post


I guess you haven't read this.

http://www.cnet.com/news/android-phone-wiping-fails-to-delete-personal-data/
While I hadn't read that article I can't say that any of the information in it is new to me. Wiping a phone to give yourself a fresh start or to install a custom ROM and wiping your phone for resale have very different requirements. If one wants to sell any device it's a best practice to overwrite the drive with dummy bits to prevent the recovery of files.

Want to know if a device you just wiped actually rewrote over the data or just removed the pointers to it? You can tell by timing the process. It takes a non-negligible amount of time to overwrite all the bits on today's drives (due to their size). If your factory reset only took 2-10 minutes, there's likely old files that can still be recovered thru the use of forensic tools. Did the reset take 45-90 minutes? Then you're probably safe to sell that device.
Edited by DroidFTW - 7/10/14 at 7:40am
post #58 of 66
Quote:
Originally Posted by DroidFTW View Post

While I hadn't read that article I can't say that any of the information in it is new to me. Wiping a phone to give yourself a fresh start or to install a custom ROM and wiping your phone for resale have very different requirements. If one wants to sell any device it's a best practice to overwrite the drive with dummy bits to prevent the recovery of files.

How does one do a DoD wipe on a phone?
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #59 of 66
Quote:
Originally Posted by dasanman69 View Post

How does one do a DoD wipe on a phone?
On an Android phone? When I had to do one I used ADB (Android Debug Bridge).
post #60 of 66
Quote:
Originally Posted by DroidFTW View Post

On an Android phone? When I had to do one I used ADB (Android Debug Bridge).

That's something that the average user knows nothing about.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #61 of 66
Quote:
Originally Posted by dasanman69 View Post

That's something that the average user knows nothing about.
I agree.
post #62 of 66
Quote:
Originally Posted by DroidFTW View Post

I agree.

A potentially good idea for an app.
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
"Few things are harder to put up with than the annoyance of a good example" Mark Twain
"Just because something is deemed the law doesn't make it just" - SolipsismX
Reply
post #63 of 66
Quote:
Originally Posted by dasanman69 View Post

Quote:
Originally Posted by DroidFTW View Post

I agree.

A potentially good idea for an app.
If you have an android device you can get such an app on the play store all ready
post #64 of 66
I figured they existed, I've just never had to search for one myself. 1smile.gif
post #65 of 66
Ishredder as an example
post #66 of 66
Quote:
Originally Posted by singularity View Post


If you have an android device you can get such an app on the play store all ready

"There's an app for that!"

New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
  • Inside App Extensions: Apple, Inc's new Widgets & Keyboards similar to Android's, but secure
AppleInsider › Forums › Mobile › iPhone › Inside App Extensions: Apple, Inc's new Widgets & Keyboards similar to Android's, but secure