Technically, Google isn't wrong about this...



  • Users who installed Yahoo Messenger also installed...

    Thanks, Google. Useful.


  • sockdevs

    icons are different. looks like one of those look alike apps or something. probably an ­ in the name or something. :-P


  • Winner of the 2016 Presidential Election

    Facts :barrier: jokes



  • I know that there are two official Google Hangouts apps on the Chrome web store. It's possible there are multiple official Yahoo Messenger apps as well.



  • The RWTF is having Yahoo Messenger installed.



  • Play Store is full of dupes and fakes. Not surprising.


  • sockdevs

    possible, yes, but given the copycats balance of probability is that one or the other shown is a fake.



  • They're both Yahoo apps - one's called "Yahoo Messenger Plug-in" which gets its name truncated.

    https://play.google.com/store/apps/details?id=com.yahoo.mobile.client.android.imvideo


  • sockdevs

    So TR :wtf: is you need two apps to do one app's job :crazy:



  • Maybe because the video calling is in beta and they don't want to break it for everyone?


  • sockdevs

    @RaceProUK said:

    So TR :wtf: is you need two apps to do one app's job

    QFT


  • sockdevs

    @loopback0 said:

    Maybe because the video calling is in beta and they don't want to break it for everyone?

    Except it'll be broken for everyone anyway, as the standalone app can't do video calling; that's what you need the plugin for



  • I meant breaking the core app, not breaking video calling.


  • sockdevs

    It wouldn't break the core app if the feature is correctly isolated code-wise :stuck_out_tongue:



  • Yes and I'm sure in your perfect world up in the clouds every developer does that.
    But here in the real world people add features to apps, something goes wrong, and that feature causes the app to crash. This way, if it's fucked, you remove the plugin and you're back to just messaging in Yahoo Messenger like it's 1998.

    I'm not saying it's the best way to do it, just that it'd be a perfectly reasonable reason for having an app and a plugin. If that is indeed the reason, which it could not be.



  • Also permissions.
    The "core" app doesn't need the same permissions as the video calling plugin.
    This is a really great idea in fact - you only give up the permissions you're happy with.



  • In opposition to Facebook messenger. Is there any permission it does not require?


  • sockdevs

    @lightsoff said:

    Also permissions.
    The "core" app doesn't need the same permissions as the video calling plugin.
    This is a really great idea in fact - you only give up the permissions you're happy with.

    That… makes astoundingly good sense


  • mod

    @swayde said:

    Is there any permission it does not require?

    Let's see, on my phone it requires:

    • find accounts on the device
    • read your contact card
    • read your contacts
    • approximate location
    • exact location
    • edit text messages
    • receive text messages
    • read text messages
    • send text messages
    • call phone numbers
    • read call log
    • read usb storage
    • modify or delete usb storage
    • take pictures and videos
    • record audio
    • view wi-fi connections
    • read phone status and identity
    • run at startup
    • send sticky broadcast
    • prevent phone from sleeping
    • view network connections
    • read battery statistics
    • install shortcuts
    • change audio settings
    • read Google service configuration
    • draw over other apps
    • full network access
    • read sync settings
    • control vibration
    • change network connectivity

    I think that leaves off.... "add voicemails", bluetooth, and "brick"?


  • sockdevs

    @Yamikuronue said:

    I think that leaves off.... "add voicemails", bluetooth, and "brick"?

    Don't worry, the next version will fix that issue ;)


  • area_deu

    @RaceProUK said:

    That… makes astoundingly good sense

    It does not - AppOps should be actually made accessible to everyone all the time and App developers should design their Apps to be able to work with reduced permissions.

    Seriously, FUCK GOOGLE AND - MOST OF ALL - FUCK THE ECOSYSTEM.



  • Correct.
    But what yahoo is doing is the only way to allow users to opt out without having root (as far as I can tell).
    I run cyanogenmod, I can restrict permissions per app.


  • Grade A Premium Asshole

    @swayde said:

    In opposition to Facebook messenger. Is there any permission it does not require?

    "World Domination". That part of the app is still in beta.



  • @RaceProUK said:

    That… makes astoundingly good sense

    Only in the sense that the basic permission model is completely eff-ing broken. Installing secondary 'add-on' apps is a poor patch for the lack of dynamically granting and revoking permissions to and from installed apps.



  • @Ragnax said:

    the lack of dynamically granting and revoking permissions to and from installed apps

    Oh that sounds like a splendid idea! Let's have apps that can grab rights at a whim. Totally no security concern there.


  • Winner of the 2016 Presidential Election

    @Yamikuronue said:

    brick

    Almost. The only reason it doesn't do that is because Play Store will stop it from downloading unless there's enough space to begin with. If Google were to fuck that up it would brick it just fine - with no space left on device the next boot would most likely just end up in tears.

    Seriously, the damned thing is starting to get ridiculous with it's update sizes. Luckily, I neither need it nor use it, and since I always at the very least root my phone I can always just remove it. Fuck you too, manufacturers, for adding Facebook app and making it so I can uninstall it. Some of us don't use it, TYVM.



  • They could ask the user - as both iOS and Windows Mobile does...



  • What is the point of asking? The app is already installed. Should it ask when it wants to execute those rights? That would lead to an security pop-up avalanche.



  • I'd say let it be configurable during/after install, with options of 'allow', 'deny', or 'ask every time', defaults set by the app developer and reviewed during install.



  • It's no problem on those platforms now.



  • Like this:



  • @PleegWat said:

    I'd say let it be configurable during/after install, with options of 'allow', 'deny', or 'ask every time', defaults set by the app developer and reviewed during install.

    Exactly what I was thinking of.



  • @Luhmann said:

    That would lead to an security pop-up avalanche.

    Not if you design your app around that particular limitation and don't assume (like a lazy shithead) that your code will be running with full admin permissions ca. Win98.



  • @PleegWat said:

    I'd say let it be configurable during/after install, with options of 'allow', 'deny', or 'ask every time', defaults set by the app developer and reviewed during install.

    Asking every time is just going to get annoying though. Let someone choose on installation, and then shut up as long as the user can go back and edit it IMO.

    Android 'M' is rumoured to give users more actual control over some permissions.



  • Seriously, the solution in cyanogenmod is damn near perfect. Even lets you set and apply defaults for all apps, which you can override per app.
    (android k had this afair, but it was removed again - users got confused)
    Only downside is apps crashing of failure to aquire permission. I'm not even sure you can recover properly from permission denied...



  • @swayde said:

    Seriously, the solution in cyanogenmod is damn near perfect

    Except for the...

    @swayde said:

    apps crashing of failure to aquire permission.

    Which renders it useless each time you get one of those apps.

    To be honest, I don't even look at the permissions most apps need because I don't just install any old shit.



  • How do you suggest cm should solve this? I'm thinking it's more a design / programmer error to crash on that.

    @Ragnax said:

    Not if you design your app around that particular limitation and don't assume (like a lazy shithead) that your code will be running with full admin permissions ca. Win98.



  • @swayde said:

    How do you suggest cm should solve this?

    It can't, as has been identified already because:

    @swayde said:

    it's more a design / programmer error

    It doesn't change what I said though.



  • Agreed. Though feeding the app fake data seems viable in some cases.


  • sockdevs

    A possibility, but that could have other undesired behaviour.

    Thing is, Google should have implemented a proper permissions system from day one. Microsoft is actually ahead of them in this area; right from the beginning (7.0), WinPhones have had a permissions system where apps asks for certain permissions, such as using GPS location data, as they need them.


  • Winner of the 2016 Presidential Election

    True. I imagine that if an app asks for, for example, contacts, you could just feed it a blank contact list without much harm.

    Bad location data could cause weirdness, so a plain old SecurityException would probably be your best bet there...



  • Why is it only things with "apps" that have fine-grained permissions systems? Why can't desktop operating systems do that as well? Why is it just three-state "program is not running" -> "program is running as user" -> "program is running as admin"?


  • Winner of the 2016 Presidential Election

    Because "We Never Had To Before So Why Should We Now tm "



  • Well, with so much "everything is a phone", we somehow managed to avoid any of the good parts and just focus on "we need giant buttons and really cheap graphics".



  • @ben_lubar said:

    Well, with so much "everything is a phone", we somehow managed to avoid any of the good parts and just focus on "we need giant buttons and really cheap graphics".

    {looks around the webpage this comment was posted on... flat/broken interface, cheap graphics, giant buttons}

    Yup.



  • Re: fine grained privacy on Android. On all (aka: both) the Android devices I've owned, the very first thing I did was root it and install XPrivacy. It gives you fine-grained control over every permission for every app. Allow/deny entire categories, or specific permission in the category (for example, you can let it check if wifi is connected, but refuse the app to use it). It also feeds fake data for every possible permission-- contacts, GPS, etc.

    It applies a default, crowd-sourced template to each app, but also does popups whenever an app tries to use a permission. You can allow/deny, once/permanently, on the permission or the entire category. If an app fucks up because of that, you can modify the permissions after the fact.

    In other words: I can run the Twitter app without letting it have spammer access to my entire contact list, stalker access to my GPS, etc.



  • Speaking of shitty applications asking to do things they shouldn't need to do, what the fuck is Duckpores doing now?

    I didn't even know browsers had a "Notification" functionality. I've never in my life seen that. What kinda of doorknob-dead shit is Discourse trying to do that would use it? Here's a hint, if what you're trying to do triggers warnings on a browser-- DON'T DO IT.

    Wow.


  • Winner of the 2016 Presidential Election

    @Lorne_Kates said:

    XPrivacy

    + :fa_mobile:
    Unless, of course, like me you don't actually care that much because you don't install those kind of apps and/or have Cyanogenmod and its built-in stuff.

    Some people actually use Twitterbook though so they can't just not install the apps :)


  • Winner of the 2016 Presidential Election

    That's not actually a WTF - I like that feature, because it's useful when the forum is on another tab or something. If you don't want it, just tell it not to show notifications :)



  • If you have the forums open in a tab, it'll pop up a little notification in the bottom right of your screen when someone replies to you.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.