Interestingly, many of the people who are arguing that apps like Path are evil for uploading contacts are the same people who are arguing that sandboxing apps/Gatekeeper are evil on OSX as well.
In reality, it's likely that all apps should be sandboxed, and that APIs to reach outside the sandbox should require user permission. However, this is at odds with everything that has gone before.
The whole concept of not trusting the applications you run is actually fairly recent I would argue less then the past decade.
Early security was about not trusting other people, and thus passwords & authentication was developed. Then with the rise of closed source off the shelf apps and viruses came anti-virus software. But this was protecting you against the distribution channel. As most malware at the time was purely malware (although potentially infecting useful software).
The problem is now we have malware that is also the software your wanting to run. While Sandboxing and such have been Computer Science concepts for decades (so has pretty much everything "new") its only now becoming important enough to consumers & business that it is being used. The initial implementations are quite poor because they have to be backwards compatible with codebases that are often decades old (Adobe Photoshop, Microsoft Office, etc).
Security is really hard to do well, and almost impossible in a completely backwards compatible way. iOS and Android will be the first platforms who are able to fix this because they are less burdened by the weight of legacy software. In a walled garden it is quiet easy to break compatibility and demand a rebuild, as long as you don't piss the developers off too much and make sure the change isn't TOO difficult you will generally get it done with a bit of complaints.
5 comments
[ 3.2 ms ] story [ 22.5 ms ] threadInterestingly, many of the people who are arguing that apps like Path are evil for uploading contacts are the same people who are arguing that sandboxing apps/Gatekeeper are evil on OSX as well.
In reality, it's likely that all apps should be sandboxed, and that APIs to reach outside the sandbox should require user permission. However, this is at odds with everything that has gone before.
Early security was about not trusting other people, and thus passwords & authentication was developed. Then with the rise of closed source off the shelf apps and viruses came anti-virus software. But this was protecting you against the distribution channel. As most malware at the time was purely malware (although potentially infecting useful software).
The problem is now we have malware that is also the software your wanting to run. While Sandboxing and such have been Computer Science concepts for decades (so has pretty much everything "new") its only now becoming important enough to consumers & business that it is being used. The initial implementations are quite poor because they have to be backwards compatible with codebases that are often decades old (Adobe Photoshop, Microsoft Office, etc).
Security is really hard to do well, and almost impossible in a completely backwards compatible way. iOS and Android will be the first platforms who are able to fix this because they are less burdened by the weight of legacy software. In a walled garden it is quiet easy to break compatibility and demand a rebuild, as long as you don't piss the developers off too much and make sure the change isn't TOO difficult you will generally get it done with a bit of complaints.