> if the user allows it to access the SD card. And since majority of the people allows everything on their Android device
1. So basically, if you're installing an app AND you're allowing the app to access all of your phone (and its dirty secrets)
2. I don't see why whatsapp would encrypt the chats (I might be very wrong on this one), isn't it better if we can access them offline through a computer if the phone crashes?
3. Bigger picture: at first, dividing permissions and asking for the user to accept them was a good idea, but now we tend to accept anything because in the end, we want to use the app. Same problem with facebook login, google login, where we tend to accept whatever info websites request just to get to the app.
There are endless good reasons for an app to request access to the SD card, so I would say it's still very reasonable to trick anybody into accepting it.
The idea of handling the SD card has a global shared filesystem that totally bypasses the application sandbox is a security disaster from the get go. Fortunately, SD cards are on the way out, and Google doesn't even bother to fix it at the system level since they're dropping it anyway at some point.
1. So basically, if you're installing an app AND you're allowing the app to access all of your phone (and its dirty secrets)
2. I don't see why whatsapp would encrypt the chats (I might be very wrong on this one), isn't it better if we can access them offline through a computer if the phone crashes?
3. Bigger picture: at first, dividing permissions and asking for the user to accept them was a good idea, but now we tend to accept anything because in the end, we want to use the app. Same problem with facebook login, google login, where we tend to accept whatever info websites request just to get to the app.