• conciselyverbose@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    1
    ·
    3 months ago

    If your app touches the camera and mic, it will show up on that screen that it does so. “Using the API” (which is just how the OS works) doesn’t prevent it from appearing on that screen, especially when you’re doing so for the purpose of putting video and audio in posts.

    • mox@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      8
      ·
      edit-2
      3 months ago

      If your app touches the camera and mic, it will show up on that screen that it does so.

      Showing up on that screen is no substitute for what is actually needed:

      • Individual control (an easy and obvious way to allow or deny each thing separately)
      • Minimal access (a way to create a sound file without giving Facebook access to an open mic)
      • Visibility (a clear indication by the OS when Facebook is capturing or has captured data)
      • Farid@startrek.website
        link
        fedilink
        English
        arrow-up
        8
        ·
        3 months ago

        All of those things are implemented in modern Android. Well, almost.

        • Whenever the app wants to use microphone an OS popup asks you if you want to give the app permission to use the feature. The options are “when using app”, “only this time” (it will give the app one-time-use access to the mic) and “never”. If you click the 1st or 3rd options, you wouldn’t see the popup again and you’ll have to change the permission from settings. If you choose the 2nd option, you can manually choose to give permission each time it’s requested.
        • This is impossible? The OS can either let the app use the mic or not, it can’t tell what the app is doing with the mic. Unless you mean give a one-time permission this time, but not in the future, then we covered that in previous point.
        • Android always shows a green indicator on screen (upper right corner) when any app is using the microphone or camera API. Well, almost always, some system apps might not trigger it. But if you want to see which app is using mic/camera you can tap the indicator.
        • mox@lemmy.sdf.org
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          11
          ·
          edit-2
          3 months ago

          All of those things are implemented in modern Android.

          No, they are not all implemented on any version of Android that I’ve seen. I don’t know about iOS.

          Well, almost.

          Right. We don’t need just a few pieces of what I listed. We need them all.

          an OS popup asks you if you want to give the app permission to use the feature.

          That’s not a bad interface, but it doesn’t address what I wrote: Individual control.

          Why should email address, sexual orientation, and home address be lumped all together into a single permission? Lumping installed apps and search history together isn’t much better. Why should a music player, which obviously needs access to music files, be also granted access to biometric data like voice recordings?

          This is impossible? The OS can either let the app use the mic or not,

          Of course it’s possible. The OS can record the file and then hand it off to the app. No microphone access required.

          Android always shows a green indicator on screen (upper right corner) when any app is using the microphone

          That alone is better than nothing, but not enough. How is a user to know if something was captured when the screen was off?

          These things are indeed improving as new versions come out, but at a glacial pace. Heck, it was ages before Android stopped letting apps spy on each other’s log messages. It’s now at version 15 and still doesn’t have basic controls like restricting network access.

          • Farid@startrek.website
            link
            fedilink
            English
            arrow-up
            8
            ·
            3 months ago

            When I said “well almost” I meant the impossible case in the second point. Otherwise, everything is implemented as a I listed. What kind of Android do you use that you haven’t seen these features? This granular permission system has been the standard since Android 11.

            In iOS it’s implemented in a very similar manner, but I don’t use it as often to describe it in as much detail as with Android.

            The OS can create the file and then hand it off to the app.

            That is also implemented, but is a separate API, storage access. You’re free to upload any file you like if the app requests it. You can create the file with any voice recorder of your choosing. Although I can’t imagine a scenario where Facebook would request a voice clip. When it’s requesting the mic it’s usually for live audio, like calls.

            How is a user to know if something was captured when the screen was off?

            It’s true, if you gave the app permission to use mic whenever the app is running, it can in theory quietly use mic in the background. If you start a call and lock the screen, the call will continue in the background. Not sure if there are any safety measures implemented for that. But if the case was of a routine sneaky mic spying, it will become obvious fast, due to battery drain and network usage.

            still don’t have basic controls like restricting network access

            There are some network controls, like restricting background data usage (depending on Android version/implementation). But yes, there’s still no granular network permission system, you have to manually go into setting to turn on restrictions. Thought to fair, there isn’t a consumer OS out there that lets you easily restrict network access to a certain app, even on desktop (correct me if I’m wrong). And I can see why, it would be counterproductive for vast majority of users to manually give network access to each app they install, when the whole point if the device is to have apps that have network access.

            • mox@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              3
              arrow-down
              3
              ·
              edit-2
              3 months ago

              I appreciate that you’re articulating your thoughts pretty well without resorting to the adversarial nonsense I’ve received elsewhere in this thread, so thanks for that.

              It’s still clear that I haven’t been understood, but I’m exhausted from trying. (Again, mostly not from you, so please don’t take it personally.) Time for me to put lemmy away for the day, I think. Take care.

              • Farid@startrek.website
                link
                fedilink
                English
                arrow-up
                2
                ·
                edit-2
                3 months ago

                Hey, I saw that you added more content to the comment that I responded to, that wasn’t there when I was composing my response. And seeing that content, I think I understand where the confusion is coming from.

                If that screenshot is yours and you think those are the permissions, I don’t think that’s the case. That looks like a screenshot from an app store where it just lists what data the app might be using and not the permission system. It’s just a list of categories of data that may or may not be collected if you use the app, which must be disclosed by the developer. You can’t agree or disagree to those things from the OS side, because that’s all that happens on the developer’s side. In case of FB, you might be able to opt out of those things in their settings, but I wouldn’t bet on it, cause that’s their bread and butter.

                For these things it doesn’t matter if you, for example, gave them direct access to the mic or uploaded the audio file, they will process the audio file and gather as much useful information as they can.

                In fact, if you don’t give it any hardware permissions, they will still be able to gather some information, for instance from the Personal Info category (email address, sexual orientation, and home address, etc.) because you enter that info on registration or they infer it from your usage. The OS can’t do anything about that. As long as you use the app and interact with it you give them information, what you clicked, which posts you liked, what you commented and so on.

                When it comes to OS, you can individually (separately) give permission for mic, camera, location data, file storage, contacts info, etc. Most of the things listed in the “Data collected” panel doesn’t even come from your phone hardware.

                Let me know if I have now understood you correctly.