Developer
jtegen
Posts: 6,541
Registered: ‎10-27-2010
My Device: HTC One, PlayBook, LE Z10, DE Q10

Shared Permission Paranoia

I've received a couple of emails from users about their paranoia that our apps are doing something sinister to their shared files (including photos, documents, etc.). I've also noticed similar comments from users with other apps that are not our own. The permission setting covers the shared directory and that shared directory includes sub-directories of photos, camera, documents, videos, etc.

 

We've tried to assure them that the user is in control of what is read and written to the shared area and that the app is not secretly copying their files off their device. Even our privacy policy was called into question because it contains that we can gather user information from the device (this clause was meant for things like device id).

 

Is there a simple way to explain this to people, or are we just hearing from a vocal minority?

 

Has anyone dealt with this in another manner?

 

Developer
Innovatology
Posts: 1,280
Registered: ‎03-03-2011
My Device: Playbook, Z10, Q10, Z30 with Files & Folders and Orbit of course

Re: Shared Permission Paranoia

I've answered a couple of questions about this (not our app specifically) in the forums, but have only occasionally received questions by e-mail on this matter. I tend to commend them on their prudence, agree that caution is needed and that their question is a valid one, and proceed to explain the reasons our app asks for access to their files. I would certainly never think of them as paranoid, or use any such language.

 

It might help to explain which permissions you need (and why) in your app description, privacy policy or FAQ.

 

It would also probably be beneficial to allow your app to function even without secondary permissions, so users can check out whether it's legit. Then in the app explain how they can grant permission. Of course for an app like Magellan Compass GPS access would be required, but perhaps access to device identifying info or shared files may not be strictly needed until a particular feature is triggered.

 

I'm still hoping for a decent API to handle such matters. iOS provides this, in a rather disorganized way. Android, as far as I know, still doesn't.

Files & Folders, the unified file & cloud manager for PlayBook and BB10 with SkyDrive, SugarSync, Box, Dropbox, Google Drive, Google Docs. Free 3-day trial! - Jon Webb - Innovatology - Utrecht, Netherlands
Developer
Ebscer
Posts: 875
Registered: ‎08-31-2009
My Device: 9530, 9630, 9800, 8530, 9900, 9810, 9930, PlayBook, Dev Alpha

Re: Shared Permission Paranoia

Now, I think that I have just realized why a feature isn't working for one of my customers...


Read my thoughts on BlackBerry Development at news.ebscer.com
Developer
jtegen
Posts: 6,541
Registered: ‎10-27-2010
My Device: HTC One, PlayBook, LE Z10, DE Q10

Re: Shared Permission Paranoia

I did explain in the kindest of words, but they have replied back several times that they believed that even giving access to an app to read and write files (KML, GPX, images, etc.), even when it is guided by user action, still "allows" the app to mine and access other files in their shared area (hence the paranoia).

Just not certain what else could be said to soothe them that the app is not doing anything sinister to their shared files.

The app checks at startup if the shared directory exists (it is false when permission is not allowed) and at each time the app tries to read and write files.

It would have to be an OS level thing, but maybe how a WebWorks app tries to get GPS access. Prompt the user at the time of the read or write for ( "Do you wish to allow the app access to shared/documents" -> "No", "Once", "Always" ).
Developer
Innovatology
Posts: 1,280
Registered: ‎03-03-2011
My Device: Playbook, Z10, Q10, Z30 with Files & Folders and Orbit of course

Re: Shared Permission Paranoia


jtegen wrote:
I did explain in the kindest of words, but they have replied back several times that they believed that even giving access to an app to read and write files (KML, GPX, images, etc.), even when it is guided by user action, still "allows" the app to mine and access other files in their shared area (hence the paranoia).

Just not certain what else could be said to soothe them that the app is not doing anything sinister to their shared files.


Not much more you can say, I suppose. You can talk all you want, but if they don't trust you, talking won't help...

Files & Folders, the unified file & cloud manager for PlayBook and BB10 with SkyDrive, SugarSync, Box, Dropbox, Google Drive, Google Docs. Free 3-day trial! - Jon Webb - Innovatology - Utrecht, Netherlands
Developer
peter9477
Posts: 6,473
Registered: ‎12-08-2010
My Device: PlayBook, Z10

Re: Shared Permission Paranoia

I get some of these too. The latest is particularly telling, both in terms of how disgruntled the user is, and how "paranoid" (I mean that in a good way) he is. Here's the exchange with him:

 

Just downloaded Battery Guru and I am a new Blackberry z10 user. I was so troubled by the "Battery Guru needs permission to access all your files and info ...". I deleted the app. Why does a stupid battery utility need to know any of my private information?

You really can't write a utility app without needing things you have no business accessing?

I await your explanation.

 

My initial response:

 

The app has an export feature, under the Records page. When you use it, it needs access to the shared files area in order to write out the data.  There's no other way to export files.

If you don't want to export your data, simply deny the app that permission. No harm done.

If developers had alternatives, such as specifying that permission as disabled by default, and only requesting it when the user tries to do the export, then we'd take advantage of that. BlackBerry hasn't provided that as an option, so this is the only way we can do that.

If you have a complaint about this, I suggest you take it up with BlackBerry, as it's their fault we have so few options to make this more usable for users.

In general, it's wise to deny apps permission to things for which you don't trust the developer. We're a very well respected vendor, which you'd likely discover if you checked or asked around, but some others are not. It should never be a problem to deny permissions, and if the app crashes because of that, you likely don't want that app installed. Battery Guru, of course, is better written than that, so it happily works just fine without the permission.  It's not, after all, a "stupid battery utility". :-)

 

His response:

Thank you for your quick reply and detailed answer. I was not referring to your specific app as a "stupid battery utility" but the whole class of utilities like this. They should NOT need any privacy permissions.

 

While I appreciate your explanation and your taking time to write it, I could make a couple of suggestions:

 

Why not just "not" ask for any permissions when the app is first run and ONLY ask for them if someone decides to enable the Reporting feature?

 

Also, why, when I first installed the app it asked for two levels of permissions, but after I deleted and reinstalled it, it doesn't ask for any? Did it store those permissions in some kind of hidden file?

 

I think you, as the developer, could do a much clearer job of explaining these things on your app page, and write the app to avoid asking for any permissions until they are needed and then give a VERY clear explanation of why you need them and what you will do with those permissions.

 

I left the iphone and wouldn't have an android because I care greatly about my privacy being respected. I will write some letters to RIM, because I do see how their stupid design choice has greatly hampered developers, which is self destruction to RIM.

 

Thanks for your time again. If I receive an answer why the second install doesn't require any permissions, I'll keep the app and give it a great review.

 

Mine (where I quote his reply it's now in italics):

Why not just "not" ask for any permissions when the app is first run
and ONLY ask for them if someone decides to enable the Reporting
feature?

We have no way to do this.  Apps can only specify the permission that they *may* need. The system automatically asks the user with that permission dialog when the app is installed (or first run, depending on the type of app).  The system turns them all on by default, and requires the user to turn them off if they don't want them, before clicking Okay.

So basically if I want the export capability in the app, at all, I have NO OPTIONS aside from what I've done.

Also, why, when I first installed the app it asked for two levels of
permissions, but after I deleted and reinstalled it, it doesn't ask
for any? Did it store those permissions in some kind of hidden file?

The system handles the permissions. What you're seeing is all interaction with the system, not with the app. The app never sees those permissions, except indirectly when it tries to do something like write to a file to export data. The system does cache your responses in some fashion, but that's nothing I can control. You have to go into the Settings, under Security and Privacy, under Application Permissions, in order to change it.

I think you, as the developer, could do a much clearer job of
explaining these things on your app page, and write the app to avoid
asking for any permissions until they are needed and then give a VERY
clear explanation of why you need them and what you will do with
those permissions.

While we could explain more on the description page, and I probably will, most users actually don't read the full description.  And as for "write the app to avoid asking", I've explained why this is simply not possible. What you can do, and should, is deny permissions that are requested if you don't trust the app, then just use the app. Well-written apps will detect when they get errors because permissions are denied, and will guide you in some fashion.  Try it with Battery Guru... do an export while that Shared Files permission is denied, and see what it does.  Note that the way I've handled it is the ONLY way we can do it... the app cannot itself see or change the permissions, and opening the appropriate Application Permissions setting page for you is the only thing that can be done.  Developers have requested improvements from BlackBerry, and are quite frustrated that nothing has been done yet.

I left the iphone and wouldn't have an android because I care greatly
about my privacy being respected. I will write some letters to RIM,
because I do see how their stupid design choice has greatly hampered
developers, which is self destruction to RIM.

You and me both. If I don't trust the vendor, which is anyone I don't know, I deny most permissions and see how things go.

Thanks for your time again. If I receive an answer why the second
install doesn't require any permissions, I'll keep the app and give
it a great review.

And his final response:

 

Thanks again for your superb response. I do understand things much better now. I did go in and disable the permissions and your app is running perfectly. You are welcome to use my name in any way you wish, especially if it will help RIM to make some sorely needed changes.

 

I will be giving your app and support the great review it deserves!

 


Peter Hansen -- (BB10 and dev-related blog posts at http://peterhansen.ca.)
Author of White Noise and Battery Guru for BB10 and for PlayBook | Get more from your battery!
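The behaviour described in the post above (an export that fails cleanly when the Shared Files permission is denied and then points the user at the settings page), as an added example that is not part of the original thread and is not Battery Guru's code. The function and enum names are hypothetical, and treating a missing or inaccessible shared directory as "permission not granted" is an assumption based on the remark earlier in the thread that the directory check is false when the permission is off.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical names, not a BlackBerry API. */
typedef enum { EXPORT_OK, EXPORT_NEEDS_PERMISSION, EXPORT_IO_ERROR } export_status;

/* Assumption from the thread: with the permission off, the shared directory
 * is missing or inaccessible, so these errno values mean "not granted". */
static int permission_error(int e) { return e == ENOENT || e == EACCES || e == EPERM; }

/* Write the one file the user asked for into the shared directory, nothing else. */
export_status export_to_shared(const char *dir, const char *name, const char *data) {
    struct stat st;
    char path[512];
    if (stat(dir, &st) != 0)
        return permission_error(errno) ? EXPORT_NEEDS_PERMISSION : EXPORT_IO_ERROR;
    if (!S_ISDIR(st.st_mode) || strchr(name, '/') != NULL)
        return EXPORT_IO_ERROR;           /* never write outside the chosen directory */
    int len = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (len < 0 || (size_t)len >= sizeof path)
        return EXPORT_IO_ERROR;
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return permission_error(errno) ? EXPORT_NEEDS_PERMISSION : EXPORT_IO_ERROR;
    size_t want = strlen(data);
    ssize_t got = write(fd, data, want);
    if (close(fd) != 0 || got != (ssize_t)want) {
        unlink(path);                     /* do not leave a truncated export behind */
        return EXPORT_IO_ERROR;
    }
    return EXPORT_OK;
}

/* Text shown to the user; the settings path is the one named in the thread. */
const char *export_message(export_status s) {
    if (s == EXPORT_OK) return "Export complete.";
    if (s == EXPORT_NEEDS_PERMISSION)
        return "Export needs the Shared Files permission. Enable it under "
               "Settings > Security and Privacy > Application Permissions.";
    return "Export failed while writing the file.";
}

int main(void) { /* constructed call; "shared/documents" is the path named in the thread */
    puts(export_message(export_to_shared("shared/documents", "records.csv", "time,level\n")));
    return 0;
}
```

The app touches the shared area only inside the user-triggered export, which is the point the developers in the thread are trying to get across to their users.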
BlackBerry Development Advisor
smcveigh
Posts: 668
Registered: ‎11-29-2011
My Device: developer

Re: Shared Permission Paranoia

I asked around, and we do plan to address most of these concerns in a future release.

 

Cheers,

Sean

Developer
Ebscer
Posts: 875
Registered: ‎08-31-2009
My Device: 9530, 9630, 9800, 8530, 9900, 9810, 9930, PlayBook, Dev Alpha

Re: Shared Permission Paranoia

I really just encourage users to always grant all permissions that are asked for.

 

Yes, that does defeat the point, but any permissions I am asking for are for a reason. I am tired of getting complaints about features not working, when the users are in fact sabotaging their own apps.

 

Only asking for a permission once it is required, would be a step in the right direction, because it would at least clue in the users to why the app may need that permission in the first place...


Read my thoughts on BlackBerry Development at news.ebscer.com
Developer
jtegen
Posts: 6,541
Registered: ‎10-27-2010
My Device: HTC One, PlayBook, LE Z10, DE Q10

Re: Shared Permission Paranoia

If a future version is going to address this, please address why there are two permissions for GPS. I cannot imagine any user knows the difference between "GPS Location" and "Location" permissions. Even the descriptions sound similar. Location: "Allows this app to access your device's current or saved location". GPS Location: "Allows this app to access your GPS Location".

Developer
StevenKader
Posts: 644
Registered: ‎02-03-2010
My Device: Z10 LE

Re: Shared Permission Paranoia

I do what Eric does......they need to allow all of the permissions or delete the app since it won't work properly.  I usually spell it out near the top of the app description (just after the first paragraph) so they are aware of it.   

 

It is one of those things that with some people no matter what you do they want to keep things locked down tight and probably only install a very few apps because of it.


Steven Kader at JaredCo
   Follow me on Twitter    |     Mipixi.com :  Web App for Photo Sharing