Re: A bit light on details
It does indeed sound stupid.
And it harks back to making permissions be exactly what they say they are, and should always have been. Permitted or not.
What this is saying is that apps have been getting permission to do things they never should have been allowed to do, and which users never allowed them to do, just by being installed. Google are (apparently) going to put a stop to that - not by denying the permissions that aren't explicitly granted - but by putting up a UAC-like PIN prompt on new permissions. Which is just stupid and inconvenient. And then they'll forever-remember that grant of permissions. How about, we deny by default unless you specifically allow a permission, and after initial install (ONE PROMPT on install, with customisable Yes/No permission options) you have to manually change the permissions for that app if you want it to work after that (might stop a few of those "this app suddenly wants to get on your Facebook with the latest update" junk) - or uninstall and then reinstall to get the first-time prompt.
I love Android over its competition but app permissions are, and always have been, bloody ridiculous on it. "This app wants all these permissions. Install it?" Where's my choice? How about "yes, install it, but a fun camera app doesn't need to sort through all my files and upload them to Facebook"? Then they added, much later on - almost a whole alphabet later on - the option to fake or revoke certain permissions.
But still you can't stop malware being installed that sniffs the on-screen keyboard? That's still ridiculous. And at what point do I get the option to remove vendor-installed apps that don't have a remove button without rooting the device? Because if the manufacturer can do that, so can malware. And why can't I move ALL apps to the SD card still?
This new "login once and I'll remember forever" doesn't solve any existing problem. Apps that aren't supposed to be sniffing the keyboard shouldn't be installed already, or bypassing the permission system. And apps that are given permissions never get that permission re-asked or revoked unless the user explicitly does that? It's just silly.
Theft of the phone isn't an issue, however, as you should have a lock-screen PIN and encryption by default, and in that case it's game over for any thief unless they stole it while you were using it. And the various device manager apps can still forcibly wipe it, lock it, locate it, etc.
More worrying is that they think the solution is having even less say in what authorised apps can or can't do over time. "You authorised it" isn't the security answer. The security answer is "What part of this do you want to authorise, when, how long for and do you want me to let the app know or should I just fake it so that it can't tell it hasn't got what it asked for?" Sure, hide that behind an advanced menu, don't baffle novice users, but taking a single authorisation as "this app can do what it likes in perpetuity" isn't security.
"No, you can't access my camera, or use pay-for services - you're a fecking GPS compass app, for God's sake" is the correct answer.