←back to thread

Is it possible to allow sideloading and keep users safe?

(shkspr.mobi)
205 points ColinWright | 3 comments | 30 Aug 25 12:03 UTC | HN request time: 0.008s | source
Show context
Disposal8433 ◴[30 Aug 25 13:01 UTC] No.45074267[source]
Sandboxing should prevent most of those issues. We can't control the users giving permissions to everything, but with more control on those permissions, or disabled by default, a phone should stay pretty safe, or am I missing something?
replies(3): >>45074326 #>>45074353 #>>45081846 #
rafram ◴[30 Aug 25 13:12 UTC] No.45074353[source]
People have been trained to tap through those prompts without really reading them, and it’s unreasonable to expect a less technical user to know what the implications of granting a permission are.
replies(4): >>45074405 #>>45074427 #>>45081105 #>>45084351 #
Lvl999Noob ◴[31 Aug 25 07:21 UTC] No.45081105[source]
I want an option to give fake permissions. A lot of apps are pretty necessary (due to network effects). I don't want to give my contact or location data to them but they also refuse to work without it, even though they don't it for the stuff I am doing. So just let me provide fake data instead. As far as the app is concerned, it has the permissions it so wanted.
replies(1): >>45081364 #
stavros ◴[31 Aug 25 08:05 UTC] No.45081364[source]
That used to exist, but it's bad UX, because the user doesn't understand why the app they didn't give permissions to doesn't work well, and gives it a bad review. It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.
replies(1): >>45086059 #
ryandrake ◴[31 Aug 25 19:07 UTC] No.45086059[source]
> It's better UX for the app to say "I can't work without this permission", though it's worse for tech-savvy users.

The app shouldn't get to decide what permissions it "can't work without." That's how you get calculator apps that claim they can't possibly work without GPS location.

replies(1): >>45086076 #
1. stavros ◴[31 Aug 25 19:09 UTC] No.45086076[source]
An app that shows a map should definitely get to decide that it can't work without a location permission.
replies(1): >>45086302 #
2. ryandrake ◴[31 Aug 25 19:31 UTC] No.45086302[source]
Why? The user might want to just browse the map without displaying his location on it. The user might want to just provide an address instead of his own location (assuming that function exists in the app). Why not just let the user run it, and let whatever actually needs the permission fail gracefully? Whether or not the app functionality lost is worth providing access to data gated by a permission should be up to the user, not up to the developer.
replies(1): >>45086321 #
3. stavros ◴[31 Aug 25 19:34 UTC] No.45086321[source]
Because giving the app fake location data when the permission is denied leads to the user complaining that the map isn't showing their correct location. Apps don't want to get a bad rating for user error.