Interesting
Does that mean that I will finally be able to control what an app has access to in my vanilla Android install ?
I hope so.
It looks like user accounts are coming to Android. This thread in the Android developer preview mailing list includes a post in which a user asks (with spelling and punctuation anomalies) for something like this: Tablets are able to have multiple accounts for multiple users, allowing the users to install an app only for …
@MrXavia I would really value the "revoke permission / fail gracefully" capability. Too often feel I have the choice between giving away the keys to the front door or not running the app at all.
As for multiple users on a phone I can see the value, but it's more of a nice to have for me. Would prefer they sort the app security first.
This post has been deleted by its author
I'm not saying this is the same as having the functionality natively, but for a techie, you can use 'xposed' without cyranogen etc. to remove privileges, and other apps to remove events.
("Android Tuner" combines these in a nice logical permissions gui)
I mainly use it for event disabling. The number of apps that request to be started up just because I plug in the charger caused the tablet to crawl.
Unlike permissions, you can generally kill all events without buggering up the app.
I use 'maps' and G+ once in a blue moon, so why do they attempt to startup on bootup, and everytime you fart, or look at the tablet in a funny way...
In some work contexts you get situations where people share devices i.e. handing over a tablet at the end of a shift. The corporate products like Citrix Worx Home/Receiver are based on the idea that the device = a single user = your identity - which can lead to issues where some people have application privileges they shouldn't have i.e. handing someone a device means you're effectively handing over your password.
If Android (or iOS for that matter) get first class support for multiple users it should make it easier for corporate products to control the corporate experience on a per user basis.
Android already has support for multiple users, each with their own log in and each user can be restricted from installing or running anything (all data is separated also).
You can also manage each device from a remote management platform.
However this is for tablets, this post is about allowing it on phones also (although the article fails to make this clear).
I'm not sure I would trust this, especially not in a BYOD environment. Given the tendency of many to just click "allow all requested permissions" when installing a new app, how long before some bit of malware gets out there with a "grant admin rights to app" permission, which can then raid all accounts?
A good idea in principle, but I think Android still has considerable distance to cover in security terms - largely in making sure that it's users are educated to not just allow requested permissions for the apps they install - before this can really fly.
This post has been deleted by its author
This post has been deleted by its author
Yes, Nook HD+ support multiple profiles - it's much more a parents-and-kids thing than anything that would have an impact for BYOD and I suspect that the google development will be much the same (and frankly I can't see anything on the device ever being sufficient for a properly secure BYOD setup anyway).
One of the first things I did was 're-unixfy' my tablet.
I have a full command set, users (/etc/group; /etc/passwd etc) home directories, ssh daemon, cron, boot.d/rc.d nfs mounts for media, native ipv6 ( com.google.process.gapps always connects via ip6 to 2a00:1450:400c:c0a::bc:5228), iptables (athough to be fair my tablet came with a nfs/ipv6/ipfilter enabled kernel ..), unix based 'su' (based on unix passwds not some gui allow screen (although to fix the 2 apps I use that require root I fudged by manually altering the 'su' code to let them su with no tty prompt.)
I don't trust it enough to assume it's unrootable - alot of the android subsystem runs with root privs, and it plays fast and lose with some file protections (though I try to proactively monitor/fix them), but it's basically a working unix subsystem - you can do wonders with a little knowledge, busybox, mksh, dropbear, and a suitable cross-compiler and then native gcc!)
As there are Apps out there that can allow you to selectively dial back the rights that an App can exploit, this multiple user/profile needs to also factor this into any implementation.
More than happy for the kids to pick up the phone for a game, but it would be nice to dial back any rights on a per user basis such that when they are using it, it is a glorified games console. when I use it, its full potential is available.
Otherwise - this falls short of being truly useful.
Of course, this will mean that the people need to be as thoughtful about their phones/tablets as they are about the home PC.... Oh well, queue the arguments.