Google have decided that the app maker is best equipped to decide what access the app should be allowed. This makes perfect sense if you assume that your average user will not install the app if it requests too much privilege. The reality is that most people don't check and install it anyway because they're given a binary choice.<p>Would a better model be to allow the user to choose the allowed permissions? In some cases this would cause an app to fail, but as someone who firewalls outgoing IOS requests, this is unlikely.<p>However, it still becomes a user interface issue. Any security system that requires the user to make knowledgeable security decisions in unfair and usually just a way to offer plausible deniability.
I am a bit worried about the amount of false positives from these type of scans over the years (see antivirus scans) , and google`s lack of support or accountability in disputes. "We have found you to be guilty. We will not say what of. Goodbye" type attitudes from Google have shown up in a number of blog posts. I hope this system doesn't lead to more incorrect bans.
If they want to improve security, they should switch from the current offer-you-can't-refuse approach to a capability/interface system. An application should always be able to successfully "list my contacts". Whether it gets the complete list, an empty list, or a less-sensitive subset should be up to me (and unknown to the app).
The only truly revocable permission for applications is internet access. Each application runs as its own user (although some from the same publisher do use the same user), and this can be combined with the linux kernel's firewall to prevent internet connections to specific applications. To do this you need root access, and an application like DroidWall. By default, DroidWall only allows applications you select to have internet access. Since DroidWall is using the kernel's firewall, it doesn't need to do anything in the background, so doesn't impact battery life.
This moment is akin to Microsoft creating a free antivirus (security essentials or something) for Windows users. An acknowledgement that a real problem exists. But good that google took a step before this was blown out of proportions.
"The service has been looking for malicious apps in Market for a while now, and between the first and second halves of 2011, we saw a 40% decrease in the number of potentially-malicious downloads from Android Market."<p>I'm not sure how to read this. They detect an App is malware and leave it in the market? Or they didn't detect it until after it had been downloaded many times? The former is unfathomable while the latter indicates a gaping hole in the system.<p>"This drop occurred at the same time that companies who market and sell anti-malware and security software have been reporting that malicious applications are on the rise."<p>Don't believe all the charts showing a malware explosion on Android, they have a conflict of interest. We at the Official Google Android Blog continue our 100% neutrality however.<p>"While it’s not possible to prevent bad people from building malware, the most important measurement is whether those bad applications are being installed from Android Market"<p>Not if you're going to advertise side-loading as a feature the competition lacks.