Difference between revisions of "Native App Privacy"

From MgmtWiki
Jump to: navigation, search
(References)
(Context)
Line 5: Line 5:
  
 
* The first of the [[Laws of Security]] tell us that when an attacker gets to run their code on your computer, it is not longer just your computer any longer.
 
* The first of the [[Laws of Security]] tell us that when an attacker gets to run their code on your computer, it is not longer just your computer any longer.
* There are two parts to [[Privacy]] (the right to be let alone) that are should be subject to [[User Consent]] on a portable computer device, like a smart phone:
+
* There are two parts to [[Privacy]] (the right to be let alone) that are should be subject to [[User Consent]] on a portable computer device, like a [[Smart Phone]]:
 
** [[User Private Information]] that we would like to be able to share only with permission. This is the [[Data Sharing]] that is regulated by the [[GDPR]] and the [[California Consumer Privacy Act of 2018]].
 
** [[User Private Information]] that we would like to be able to share only with permission. This is the [[Data Sharing]] that is regulated by the [[GDPR]] and the [[California Consumer Privacy Act of 2018]].
 
** Attention, or just how annoying do we want a device in our immediate possession to be? (The regulation of this part is less clear.)
 
** Attention, or just how annoying do we want a device in our immediate possession to be? (The regulation of this part is less clear.)

Revision as of 15:55, 31 August 2018

Full Title and Meme

An application that is installed on a user's computing device can be given access to some parts of user Privacy.

Context

Problems

  • Each company that creates a set of privacy setting does so independently without any over coordination.
  • Each company puts a majority of their settings under the settings tab, but then there are other setting that occur in other locations.
  • Each company also supplies an "Identity Server" that provide, Apple ID, Google ID and Microsoft ID that have a rich history of providing other services, especially email.
  • Each of those ID offerings are slightly different and are responsible for the Data Sharing part of privacy.

Solutions

In spite of all the problems, the actual results are quite good as the following table shows. If a User is familiar with one service, they are likely to understand the other, at least until the Identity Server function comes into play.

iPhone Android Windows
yes??

yes??

Accnt Info
Bluetooth Radios
always always Background
Calendar Calendar Calendar
Camera Camera Camera
Contacts Contacts Contacts
 ??  ?? Email
Health yes??
Health+
Home
File access
Location Location Location

Mic

Mic

Mic

Motion

Body

Music

Phone

Call History

yes??

yes??

Notification

Photos

Purchases

Purchases

Purchases

Reminders

Siri

SMS

Messaging

Speech

Storage

Tasks

TV

Other Devs

Diagnostics

safari

chrome

File D/L

non-persist
DNT

File access

References

  1. Native App Security
  2. Native App