Articles‎ > ‎

GPS Essentials Permissions

posted Feb 8, 2011, 12:12 AM by Michael Schollmeyer
Some people suggested that I should ask for permissions to read the contacts when the user accesses the contacts feature for the first time.

Great idea, but unfortunately this is not the way that the Android permission model works. When a permission is required to do something on the device, the app has to declaratively request this permission and Android asks the user if the permission is ok at installation time. There is no way an app can ask for additional permissions later. While this is ok for permissions like "access the sd-card" or "read the GPS" in this special scenario an in-app grant to read contacts would indeed be a great thing. But as I said, it is just not there.

I could add another app that simply does not have the contacts layer and then refuses to ask for the permissions, but then I would have the additional burden of maintaining two apps instead of one. Another downside of this approach is that this would split up the users between the two apps and this will result in lower rankings which again results in less user. To turn it the other way around, the app would lose users because I split it up.

Now think about other features like "Send your waypoint as an SMS" or "send an SMS when approaching a waypoint" or "dial a number when approaching a waypoint" (ok this one is silly). One app for any combination would flood the market with versions of GPS Essentials.

Another option of having both the feature and not the permission would be GPS Essentials without the feature and a separate app that only contains the contacts feature. Android supports a closer relationship between apps that are signed with the same certificate so this would work out, at least in theory. But where will it lead us? After the first 1.4 release, GPS Essentials received a comment on Market stating that the camera would make snapshots automatically and upload them to a web site. I would I cope with this? I cannot do a separate app for the camera HUD because this is deeply embedded into the app. Also, having this sort of "plugin apps" is a lot of development work and I have to judge wisely how to spend my very limited resources for a free app that (currently) makes not a single cent. For users that are less aware of security, it would mean additional efforts to get thing running and a less complete experience.

I personally believe that the Android security design is sufficient as it is. It is not a bulletproof jacket. If you think you need one, you might consider something's wrong in your neighborhood. It is good because it establishes "equality of arms", it enforces the app to state what it accesses upfront. You still need to decide whether you give the app enough reputation to grant these permissions. If you don't, all you can do is to not install the app. You cannot have it both ways.