Comment by broker354690

> would be a catastrophic change to the ecosystem.

Hey we were already on board with this, you don't have to convince us.

The effect of this would be to make all apps request all permissions because even if you are just using some other app for a particular feature you need, you have no control over what other permissions they might add which would suddenly break any intents you send them. The only defense would be to request everything.

You could very specifically ban ACTION_VIEW intents for web URIs from apps without an internet permission I guess. But does banning apps from linking to the web (to be opened in browsers) really seem like a good idea?

ycombinatrix 2 days ago

Similar changes have been done before, the security sandbox behaves differently based on the app's minimum/target API level for backwards compatibility.

That's also why there's a warning before installing really old apps, they may run with extra permissions.

This item has no comments currently.