GMail block

I work at a University which recently outsourced it's student email service to Google Apps. We have a lot of Chinese students. Many of them can no longer access their email when they go back to China because it's blocked. Fortunately we have a VPN service which they can use to bypass the block. Still a pain in the arse though.

Security warnings in android need improvement

Android has a finegrained security model which requires apps to declare what things they need access to in a manifest. The problem for me is the installation dialog that shows this is confusing and there is no further chance of intervention possible. For example, how do I tell the difference between a good address book which only dials the numbers I ask, and a malicious address book that dials a premium number in Chad at 3am?

My feeling is that Android needs to get tough and implement something like UAC by default. If an app tries to dial a number (or read private data), the OS should intervene and show a popup requesting permission to proceed and any relevant info. Apps that are doing dodgy things will become immediately obvious because of all the popups. If a user really trusts an app the dialogs could be disabled per-app from the "manage applications" settings.

UAC got a lot of stick in Vista but it served its purpose, beating up apps that asked for things they did not necessarily need (e.g. read/write access to the local machine registry). By the time Windows 7 appeared most applications were good citizens. I imagine Android would go through a similar pain process but it would emerge from the other better for it.