Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Actually as of the Android M preview you can get the user email address without any permission guarding.

This is because GET_ACCOUNTS is under PROTECTION_NORMAL, and so it is automatically granted at install time.



Ouch, that's certainly a step on the wrong direction. I guess they get points for consistency, but they're being consistently bad.


If they've found that users almost always say yes to it, that might be the correct choice for being consistently usable even if you (and I) dislike that choice.


Enabled-by-default is a defensible choice (even if we don't like it), but it sounds like this is un-disableable, which I think is not defensible.


I am not sure how it should be handled. Allowing an app to automatically propose the user's email in a login form is pretty good in terms of UX ... but it means that the app can access to that data.


It seems pretty clear how this should be handled, no? If the app wants to do it, then, as with anything else that might make the user experience better at a privacy cost, let it ask for permission to do it!


Having to ask for the permission to display the email just for the autocomplete makes sense from a privacy perspective, but defeats its UX purpose. A better solution would probably be to continue to move away from email + password logins and ask the user to login once in an OCD platform and then only propose this in order to signup/login to an app.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: