Android has come a long way when it comes to permission handling for data privacy. By getting rid of those terrifying install dialogs with huge lists of required permissions and favouring runtime permissions instead, the framework gave back the users control of how apps can access their data. This model also allows us, the developers, to ask users for each permission at the right time, effectively increasing the odds of them giving us a little bit of their privacy to work with.
Now, this is all fun and games until someone gets hurt. And by someone, I mean us, the developers, when our apps grow both in size and complexity. Add in the fact that developer teams change over time, and you got yourself a recipe for disaster. Soon enough, it’s highly likely that you’ll have permission handling code sprinkled throughout your codebase (because, you know, it made sense at some point). Worst case scenario, you’ll actually end up asking users for permissions in places where it doesn’t even make sense to ask for them. And what do users do when they get asked for location access when trying to zoom in a picture? Yup, instant uninstall, probably followed by a 1 star review.
Fortunately, Android 11 brings a shiny new feature called data access auditing, that was designed to avoid scenarios like the one described above. In this talk, I’ll explore data access auditing, and how it aims to provide more transparency into how our apps and their dependencies access private data.
rcosteira79
pangmoo
akkie76
xiombatsg
oskmr
kuroppe1819
kishida
teamlab
ivargrimstad
bkuhlmann
kudoas
kentaroutakeda
slephy2784
zakiwarfel
eileencodes
mclloyd
jennybc
addyosmani
marcelosomers
destraynor
sstephenson
trishagee
aleyda
denniskardys
swwweet
