Why do app permissions tell what is accessed and not what is transmitted?

8 pointstangerine_beet6y ago1 comments

Why do permissions of apps listed in Google Play, as well as Firefox extensions, etc., tell what data the app can access but never whether or not the data is actually transmitted from your computer to the developer or a 3rd party? As a user, I find it frustrating to read "This app/extension can access your data for all websites" because I can understand why the functioning of some apps would need access to such data, but not necessarily need to send it to a remote server. I understand Google and Mozilla execute some kind of vetting process for their apps/extensions. Is it impossible to detemine by automated analysis of code whether or not the apps send user data to a remote server?

1 comments

sebst6y ago

Simply because technically you can block access to specific parts of data relatively easy.

To limit what is being transmitted, you'd have to not only inspect the submission, but also think of any obfuscation method.

So, if your browser asked you to limit transmission of certain parts of data, you as a user could not rely on that info, because a malicious app developer could easily circumvent the limitation.

j / k navigate · click thread line to collapse

Why do app permissions tell what is accessed and not what is transmitted?

8 pointstangerine_beet6y ago1 comments

1 comments

sebst6y ago

Simply because technically you can block access to specific parts of data relatively easy.

To limit what is being transmitted, you'd have to not only inspect the submission, but also think of any obfuscation method.

So, if your browser asked you to limit transmission of certain parts of data, you as a user could not rely on that info, because a malicious app developer could easily circumvent the limitation.

j / k navigate · click thread line to collapse