Android has come a long way when it comes to permission handling for data privacy. By getting rid of those terrifying install dialogs with huge lists of required permissions and favouring runtime permissions instead, the framework gave users back control over how apps can access their data. This model also allows us, the developers, to ask users for each permission at the right time, effectively increasing the odds of them giving us a little bit of their privacy to work with.
Now, this is all fun and games until someone gets hurt. And by someone, I mean us, the developers, when our apps grow both in size and complexity. Add in the fact that developer teams change over time, and you've got yourself a recipe for disaster. Soon enough, it's highly likely that you'll have permission handling code sprinkled throughout your codebase (because, you know, it made sense at some point). Worst case scenario, you'll actually end up asking users for permissions in places where it doesn't even make sense to ask for them. And what do users do when they get asked for location access while trying to zoom in on a picture? Yup, instant uninstall, probably followed by a 1-star review.
Fortunately, Android 11 brings a shiny new feature called data access auditing, which was designed to avoid scenarios like the one described above. In this talk, I'll explore data access auditing and how it aims to provide more transparency into how our apps and their dependencies access private data.
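To make the feature concrete, here is an added example (not code from the talk) of how an app on Android 11 (API 30) registers the data access audit callback and tags a code path with an attribution context, so that every access to permission-protected data by the app or one of its libraries is logged with the op name, the attribution tag and, for synchronous accesses, the calling stack. The attribution tag `photoZoom` and the log tag are constructed for this example; the callback and attribution APIs are the platform's own.

```kotlin
// Added example, not part of the original talk: Android 11 data access auditing.
// Assumes minSdk/targetSdk handling for API 30+ and that the manifest declares
// <attribution android:tag="photoZoom" android:label="@string/photo_zoom"/>.
import android.app.AppOpsManager
import android.app.AsyncNotedAppOp
import android.app.SyncNotedAppOp
import android.content.Context
import android.os.Build
import android.util.Log
import androidx.annotation.RequiresApi

private const val TAG = "DataAccessAudit" // constructed log tag

@RequiresApi(Build.VERSION_CODES.R)
fun registerDataAccessAudit(context: Context) {
    val appOps = context.getSystemService(AppOpsManager::class.java)

    val callback = object : AppOpsManager.OnOpNotedCallback() {
        // Data accessed synchronously inside one of our own calls
        // (e.g. LocationManager.getLastKnownLocation). The current stack
        // tells us exactly which code path, and which library, did it.
        override fun onNoted(op: SyncNotedAppOp) {
            logAccess("sync", op.op, op.attributionTag, Throwable().stackTrace)
        }

        // Our own code explicitly reported an access via AppOpsManager.noteOp.
        override fun onSelfNoted(op: SyncNotedAppOp) {
            logAccess("self", op.op, op.attributionTag, Throwable().stackTrace)
        }

        // Data delivered asynchronously (e.g. a location update callback).
        // No useful stack here; the system's message describes the source.
        override fun onAsyncNoted(op: AsyncNotedAppOp) {
            Log.i(TAG, "async op=${op.op} tag=${op.attributionTag} " +
                       "uid=${op.notingUid} message=${op.message}")
        }
    }

    // Only one callback may be registered per process; a second call throws.
    appOps.setOnOpNotedCallback(context.mainExecutor, callback)
}

private fun logAccess(kind: String, op: String, tag: String?, stack: Array<StackTraceElement>) {
    // Keep the top frames so a review can see who touched the data.
    val frames = stack.take(6).joinToString(" <- ") { "${it.className}.${it.methodName}" }
    Log.i(TAG, "$kind op=$op tag=${tag ?: "(none)"} at $frames")
}

// Tagging a feature: any data access made through this context is reported
// with attributionTag == "photoZoom", so the audit log shows a location
// access from the zoom screen as an obvious misplacement.
@RequiresApi(Build.VERSION_CODES.R)
fun photoZoomContext(base: Context): Context = base.createAttributionContext("photoZoom")
```

Register the callback as early as possible (for example in `Application.onCreate`) so library initialisers are covered too, and hand `photoZoomContext(...)` to any SDK that a feature uses; an `op=android:fine_location tag=photoZoom` line in the audit log is exactly the "location access while zooming a picture" case the talk warns about.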