-
Notifications
You must be signed in to change notification settings - Fork 8
Example Techniques for Privacy Enhancement
All over the Internet many very helpful tutorials about Android development can be found. Be sceptical whenever you wish to use a tutorial. Look for alternatives especially if the tutorial includes the usage of a permission. For example if an application needs the screen to stay on, this can be done by settings flags by two lines of code. But many tutorials and answers in forums mention the prevent phone from sleeping permission, which in this case is exaggeration.
The content of the clipboard can be accessed by all applications without user notification. Thus, the clipboard is a very dangerous place for privacy-sensitive data. A Privacy Friendly App should never automatically copy data to the clipboard without informing the user. If data is copied a toast should inform the user. In case it is intended that data is automatically copied to the clipboard, the app should integrate the possibility the switch this behaviour off in the settings.
Apps that are dealing with data like passwords or PINs should prevent screenshots. This question on stackoverflow explains how to block screenshots.
A user should always have the possibility to delete privacy-sensitive data or maybe also reset the application.
##Permissions
In some cases the usage of a permission can be saved by using intent instead. For example pictures of the gallery could be accessed via intent instead of using the camera permission to take a picture. There are many such scenarios. The enhancement come from the fact, that using the intent always come together with user interaction. In contrast using a permission gives the application the power to use the requested resource at any time. Thus, a user cannot control if an application with the camera permission might take pictures in secret. However, usability must be taken into consideration.
Since Android 6 the possibility to request permissions during run-time has been added. Thus, the permission has to be requested, when the user actually uses the feature the permission is required for. If a user never uses the feature the app never gets the permission to the resource.
The help page in the Privacy Friendly App should explain the usage of permissions and the consequences if the permission if not granted by the user. Furthermore, a dialogue might explain the purpose in one sentence when the permission is requested.