Executing untrusted code would be a lot safer if browsers and mobile OSes would make it easy to provide fake resources to the app/extension.
Yes, you may read my phone contents, and as far as you know, it's the contents, the whole contents and nothing but the contents - it just happens to be a folder to me. An empty folder. It's a new phone you see.
Yes here's my contact list. Sorry it's mostly empty, there's just the costly premium number in there. I hope your mothership doesn't try to call it.
Yes, here's my microphone. Oh thank you, yes, I do a good impression of Rick Astley.
Pictures on my phone? Oh yes, right this way. It's all pictures of turnips. Do you like them?
Similarly every browser should have the capability to report to sites that the user has notifications enabled when they actually don’t to end those annoying in-site “pre-prompts” which bait you into saying no to the pre-prompts so they can try to ask you again later, rather than just deal with the fact that the user denied permission with the browser-level prompt and isn’t interested.
I don’t think this is a bad idea per se (after all a fundamental principle of the open web is that the user should control the browser). However, although your suggestion is fun, it is mere civil disobedience for geeks.
The million-dollar question is: how do you deliver those capabilities (a) without having grandma's phone full of spyware and (b) without giving your favorite Silicon Valley thought leader a 40% cut and total control of the ecosystem?
I don’t have the answer. Just trying to formulate the problem.
> The million-dollar question is: how do you deliver those capabilities (a) without having grandma's phone full of spyware and (b) without giving your favorite Silicon Valley thought leader a 40% cut and total control of the ecosystem?
That seems orthogonal? Grandma's phone has the same spyware either way, but this makes it a toss-up whether it can spy on anything real.
iOS does offer options for "read selected photos" and "add-only photos".
Contact list subset and pseudo-sensors (camera, microphone, accelerometer, barometer) are much needed.
Preset location is also needed, but some apps enforce DRM or other policy by location.
App-level network policy (whitelist, blacklist) is needed. For enterprise MDM, iOS allows per-app VPNs, which could enforce app-specific network filtering. With Apple Configurator policy files, Safari can have on-demand VPNs for specific websites.
> iOS does offer options for "read selected photos" and "add-only photos".
The annoying thing here is how apps insist on either requiring full album access so they can implement their own photo picker or don’t provide a button to re-trigger reselection of “selected photos”.
I wish they’d just use the standard OS selector dialog and call it a day. I don’t care if the standard selector doesn’t meet some stupid product requirement, it’s good enough.
The issue the parent is trying to solve is you don't really have fine-grained enough control, or apps nag you and won't load until you give them everything they want. My mom has a cheap camera security app that allows me to see the live streams from remote. Every single time I open the app it asks me again if I want to allow it access to my local network. The answer is a resounding "no". If I could just say "fake yes, here is my fake network", then I wouldn't be continually coerced into giving permissions to something I really don't want to share. I can think of many similar examples; another really common one is giving apps access to my contacts. Absolutely not, stop asking me, here is "Uncle Bob" with phone number 1-222-222-2222. Leave me alone.
I wish it were easier to deny internet access to Apps. It isn't a perfect solution but it prevents the simplest data theft. Unfortunately side channel attacks are still too easy: Either a cooperating app, or send once of high value data via a link click opening the browser.
From what I can tell, internet access is the default just to allow apps to have advertising. Too cynical?
Android originally could deny internet access to Apps which I found useful.
Certainly I don't want an extension or plugin to have pull access to the internet. That may limit functionality. But often only push is needed (e.g. blocking list could be pushed). No third-party keyboard should have internet access.
Denying access to apps: if you're on Android, you can root it and use AFWall+, which just sets up a basic Linux firewall - but apps are installed as individual users, so you can just allow the apps that actually need internet - messengers and browsers, and things you want to sync across networks.
XPrivacyLua for Android does just that. It requires LSPosed, which enables deep modifications of the OS and other apps. Needless to say, that has its own security implications.
Denying "local network" permissions is hilariously worthless. On both Android and iOS all it does is prevent software from sending out multicast packets (for things like device discovery, Chromecast, etc. that don't use DNS-SD); it can still go ahead and just start trying to iterate through the entire RFC 1918 address space and try to connect to everything on your network.
I spent a bunch of time trying to figure out how I would implement such a feature on a standard Linux system to sandbox apps on my PinePhone, but there's no sane way you can implement a standard "you can have internet access but not touch my local network" policy.
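The gap described in the comment above, between a permission that blocks only multicast and an egress policy that covers the whole local address space, as an added example (not code from the thread or from any OS). The range list, function names and sample destinations are assumptions made for illustration.

```python
import ipaddress

# Ranges this sketch treats as "local network" (an assumption, not an OS definition).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "169.254.0.0/16",      # IPv4 link-local
    "224.0.0.0/4",         # IPv4 multicast
    "255.255.255.255/32",  # limited broadcast
    "fc00::/7",            # IPv6 unique local
    "fe80::/10",           # IPv6 link-local
    "ff00::/8",            # IPv6 multicast
)]

def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d),
    so a mapped private address cannot slip past the IPv4 ranges."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def multicast_only_allows(addr):
    """Models the behaviour the comment describes: only multicast is blocked."""
    return not normalize(addr).is_multicast

def local_network_allows(addr):
    """Denies any destination inside LOCAL_NETS, unicast included."""
    ip = normalize(addr)
    return not any(ip.version == net.version and ip in net for net in LOCAL_NETS)

def policy_gap(destinations):
    """Destinations the multicast-only rule lets through but the full rule denies."""
    return [d for d in destinations
            if multicast_only_allows(d) and not local_network_allows(d)]

# Constructed sample destinations (203.0.113.10 and 2001:db8::1 are
# documentation addresses standing in for internet hosts).
SAMPLE = ["224.0.0.251", "192.168.1.1", "10.0.0.5", "::ffff:192.168.1.1",
          "fe80::1", "203.0.113.10", "2001:db8::1"]

if __name__ == "__main__":
    for dest in policy_gap(SAMPLE):
        print("reachable despite multicast-only blocking:", dest)
```

An address check like this only decides per destination; enforcing it per app still needs a per-app hook in the packet path, such as the per-UID firewall rules mentioned elsewhere in the thread.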
Well, maybe the best reaction would be to uninstall the app and give it zero stars.
Of course, if you've bought hardware controlled by it, that's unfeasible. Keep it in mind for next time.
I don't suppose there are review sites that mention how predatory and nagging a mobile app is?
I've basically given up on mobile apps around when the iPad 3 was launched and never looked back. The reasoning being that I got an iPad 1 when it was new, and you could still find pay-once games then. But they all got replaced by free-to-play gambling applications mislabeled as 'games'. Then the news about utility applications tricking you into $50/month subscriptions came about...