Comment by jeroenhd

Comment by jeroenhd a day ago

0 replies

View on Hacker News

WhatsApp can be more specific but chooses not to. They want to access your entire address book and cross-match your number with all of your friends', especially if they're not on WhatsApp yet.

This isn't a technological problem with a technological solution. It's a policy problem on WhatsApp's side.

> As a programmer I dread writing any line of code that deletes files. I feel like there should be a low-level API that required me to say the file extension that my application is allowed to delete or something like that. It's still crazy to me that any single program can just delete all user files even though no user would ever grant it that ability. Until that is fixed the whole user permission model just feels like a big joke to me.

Yes, but I wouldn't want my file manager to double prompt me every time I try to delete a file (one from the FM, one from the OS). However, on Android at least, your application can request access to a specific (set of) file(s) or folder(s), so that the damage of a file deletion bug remains very limited. Your app can even request read-only access.

I don't think mobile platform have a good "recycling bin" API, though. There's one for media files, but I don't think that works for general files. Still, the Google Photos/Camera apps seems to use a system prompt to verify deleting files, so I think there's something at least.

And in my experience, users are too stupid to handle fine-grained permissions. Every time I see my parents, I need to go over all of the websites they've somehow managed to permit notifications for (despite my disabling that shit by default), and I'm not the only one. Research shows people will click "allow" without thinking and leave apps running and updating in the background for months before cleaning house. And notifications are only a minor annoyance (at least on Android, other platforms allow them to be pretty annoying), this isn't even about apps trying to track your location by accessing the metadata on your pictures.

For a few decades, we've tried educating people about how to use computers, and wave after wave of viruses proved that most people are incapable of using a computer securely, even with antivirus. In the modern dumbed-down phone landscape, downloading a virus is actually quite hard, and the viruses can do far less damage than what they could in the XP desktop computer era, but that dumbing down comes at a cost. Every unfortunate new sandboxing rule Google imposes on Android (usually) has a very good reason behind it for the vast majority of users, even if it ruins the day or week or month of tens of thousands of power users who rely on the freedom to do what they want with their phones.