A couple days ago I was informed that the Facebook app on my Samsung Galaxy S3 wanted to update. But it needed me to agree to some additional permissions for the app. I clicked the button to see what they were and was greeted with this:
I was more than a little surprised by the things that Facebook expected me to agree to let them have access to on my phone. Let’s be honest, that’s a pretty invasive list of things that I’m being asked to agree to allow and trust that Facebook will do no harm.
So I decided not to upgrade.
Here’s the thing, though. While I was originally angry with Facebook (I still am to some degree), I realized that Google is to blame here as well. They’ve developed this “all or nothing” permissions model. It’d clearly be more friendly to the user if every one of those permissions had an associated checkbox. That would allow me to choose the things which are reasonable and uncheck those that are not. The price, of course, is that I wouldn’t get the application’s full feature set. But maybe I don’t need or want all those features anyway.
I just want to post cat pictures and stuff. Let’s leave my SMS messages and wireless network connections out of it, OK?
This “take it or leave it” system really doesn’t allow for that use case.
I’d remove the app entirely, but I do use the 2-factor authentication codes that it generates. So I’d need to find an alternative way of getting those.
If this was a desktop app, I could at least run it inside a Virtual Machine and manage what it has access to. Maybe we should expect next generation phones, as they’re going to be more and more powerful, to offer similar virtualization? Seems like the wrong solution to me, but I wouldn’t be at all surprised to see it.