03-25-2013 08:17 PM
I was just reading a blog story about "The top 10 apps to load on
your new Z10", and went to look at the BlackBerry World page for one of
the apps that I hadn't seen before. I just happened to notice one of the
most recent reviews giving low ratings and complaining that the app was
requesting permission to access all the user's documents, even though
the app was narrow enough in focus to only be applicable to particular
types of documents. The reviewer probably did not realize that this was
not the fault of the app developer, but rather a result of how
application sandboxes and permissions are set up.

To me this looks like an opportunity for BlackBerry to improve the
sandbox system. Currently if, say, a music app wants to be able to index
your music collection, it "needs", as far as BB10 is concerned, to be
able to access your photos and documents, even though the app has no
functionality to do anything with such files.

What if instead the sandbox system could have more granularity, to say,
grant access only to a particular subdirectory of the shared access area
and/or only to particular types of files? In the case of the music app,
it probably only really needs access to audio files and read/write
capability for preferences and playlists.

Additionally, a single level of granularity for shared access is an
avenue for spear phishing attacks. The victim has sensitive information
in their shared storage area, and downloads an innocent enough looking
app that "needs" shared access, and because access to the shared area is
all or nothing, they grant access, trusting the app, and off goes their
sensitive information to someone with nefarious intent.
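
The scoped grants proposed in the post, sketched as an added example; this is not the poster's code and not a BB10 API. The `/shared` mount point, the `Grant` type, the `is_allowed` function and all file names are hypothetical, constructed for illustration.

```python
import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed mount point of the shared storage area (hypothetical).
SHARED_ROOT = PurePosixPath("/shared")

@dataclass(frozen=True)
class Grant:
    subdir: str            # directory under the shared area; "" means all of it
    extensions: frozenset  # allowed file suffixes; empty means any type
    write: bool = False    # read-only unless stated

def is_allowed(grants, path, want_write=False):
    """Return True if any grant covers `path` for the requested mode."""
    # Normalise before comparing so "music/../documents/x" cannot ride on a
    # grant for "music". This check is lexical only: a real sandbox would
    # also have to resolve symlinks before deciding.
    joined = posixpath.join(str(SHARED_ROOT), path)
    target = PurePosixPath(posixpath.normpath(joined))
    for g in grants:
        base = SHARED_ROOT / g.subdir if g.subdir else SHARED_ROOT
        if base != target and base not in target.parents:
            continue  # outside the granted directory
        if g.extensions and target.suffix.lower() not in g.extensions:
            continue  # wrong file type for this grant
        if want_write and not g.write:
            continue  # grant is read-only
        return True
    return False

# The all-or-nothing model the post describes: one grant over everything.
COARSE = [Grant("", frozenset(), write=True)]

# The post's music app: audio read-only, playlists read/write.
MUSIC_APP = [
    Grant("music", frozenset({".mp3", ".m4a", ".flac"})),
    Grant("music/playlists", frozenset({".m3u"}), write=True),
]

if __name__ == "__main__":
    for p in ("music/album/track01.mp3", "documents/tax-return.pdf",
              "music/../documents/tax-return.pdf"):
        print(p, is_allowed(COARSE, p), is_allowed(MUSIC_APP, p))
```

Under the coarse grant every path in the shared area is readable and writable; under the scoped grants the same app reaches only audio files and its playlists, so a document sitting in shared storage is out of reach even if the user trusted the app.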