
"What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed." Really? This has NEVER been my experience with OAuth or similar protocols. It's always all or nothing, and I can never:

- limit the scope of any given type of permission
- find out which data was actually accessed
- limit the number of permissions given (it's all or nothing)

I realize this takes much more work than a simple protocol, but it's the same as on Android: either an app takes EVERYTHING they ask for, and no one tells you how exactly they used those capabilities (no api log, no nothing), or you can't use the app.

I would much prefer a solution which lets me:

- understand full scope of data access (what does it mean that a web-app can "manage my contacts" in Google account? Manage as in... delete? Change their details arbitrarily? What?!)
- see full list, by app, what was actually accessed, and when
- be able to pick which things I want the app to do, and which I don't
- define (with groups, individual item selection or similar) which specific items I want the app to access

If the app breaks because it doesn't support partial access, so be it. But not designing this ability into the UI is basically forcing users to forever become oblivious of how technology works.



OAuth is a framework to allow access. It supports the idea of scopes, which would for example allow Google to grant an app "read rights for the last 30 days" or "read rights on contact list" but not "update contact list" etc. The scopes are entirely up to the discretion of the resource manager. In the case of Gmail, that RM is Google.

OAuth does not prescribe any feedback loop. There's nothing in the OAuth framework that says "RM must keep a record of what accesses have been made, and when; and must disclose that record to the data owner (you) upon demand, via a reasonable web UI".

It would be a good idea to have that, but it's not required, or precluded, by OAuth.

OAuth ALSO does not require that the RM give you, the data owner, the ability to review and revoke your prior granted consent. But most RMs do this.


Marshmallow is much better about this. You can actually control what apps can read, what they can write, etc. I wish it prompted you during the installation of the app, but it's getting better.


Yeah, for those that don't know, you can go into Settings -> Apps -> pick an app -> Permissions and disable them at will. I believe only apps compiled against a Marshmallow SDK version will prompt you at runtime, and there's little (or even negative) incentive for app developers to do that yet.


There's a great incentive on automatic updates. If you updated an app pre-Marshmallow with an extra permission, it required the user to approve the update, and that ultimately creates a problem with a large user base stuck on older versions.

Maybe for new apps there's less incentive to reduce access, I can't think about any other than compliance and user scrutiny. It's easy to spot bad reviews complaining about excessive permissions for some apps.


Does this mean they brought back PrivacyGuard? That was the main reason I switched to Cyanogen - to be able to use apps without giving in to their often ridiculous demands for access to my personal information.


Yup! There are other reasons I use CyanogenMod, but PrivacyGuard is one of the biggest.


I unfortunately bought a Samsung Galaxy S6 to replace my broken HTC One, without realising that a CyanogenMod simply does not exist for it :(

There is a dev version on XDA, but it's not fit for daily use as the mic and calls and camera don't work properly.


> "What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed." Really? This has NEVER been my experience with OAuth or similar protocols

GitHub is a great example of handling OAuth scopes: https://developer.github.com/v3/oauth/#scopes

(you're right that it's often not used, though. I tried Bitbucket and GitLab and both appear to only have a single scope)


GitLab indeed has a single scope, we would love to improve this https://gitlab.com/gitlab-org/gitlab-ce/issues/13951


And even GitHub often gets complaints that you can't limit it to e.g. a single repo.


You point out one of my HUGEST frustrations, "either an app takes EVERYTHING they ask for, and no one tells you how exactly they used those capabilities (no api log, no nothing), or you can't use the app". I hate this aspect of OAuth and am so desperate for a simple solution. But I sincerely doubt one is coming-- at least not for a while...


The solution you're looking for is OAuth. It's in fact never been "all or nothing", it's always been a choice by each app and service. The reason most apps ask for everything is because 99% of users don't understand or care, and if you try to explain it to them, they'll get confused, bored, or nervous, and not use your app.

"What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed."

Users are free to revoke their permissions at any time, but they won't be able to use an app without the permissions. You could very easily build a UI with user-variable permission scopes on account creation/management with OAuth, but no one bothers, because it would be a pain to manage on the backend for zero economic gain.
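
Added example (not written by any commenter, and not any provider's actual implementation): a toy resource manager combining the pieces discussed in this thread, namely a user approving only a subset of the requested scopes, a per-app access log the data owner can review, and revocation. The class, the app name and the scope names are hypothetical.

```python
import secrets
from datetime import datetime, timezone


class ResourceManager:
    """Toy RM: scoped grants, an access log per app, and revocation."""

    def __init__(self):
        self.grants = {}      # token -> {"app", "scopes", "revoked"}
        self.access_log = []  # (timestamp, app, scope, allowed)

    def grant(self, app, requested, approved):
        # Issue only what the user ticked, and never more than was requested.
        scopes = set(requested) & set(approved)
        token = secrets.token_urlsafe(16)
        self.grants[token] = {"app": app, "scopes": scopes, "revoked": False}
        return token, scopes

    def access(self, token, scope):
        # Enforce the grant on each call and record the attempt either way,
        # so denied and post-revocation attempts are visible to the user too.
        g = self.grants.get(token)
        allowed = bool(g) and not g["revoked"] and scope in g["scopes"]
        app = g["app"] if g else "unknown"
        self.access_log.append((datetime.now(timezone.utc), app, scope, allowed))
        return allowed

    def revoke(self, token):
        # Keep the record (for log attribution) but refuse all further use.
        if token in self.grants:
            self.grants[token]["revoked"] = True

    def report(self, app):
        # What the data owner would see: every attempt by this app, in order.
        return [(s, ok) for _, a, s, ok in self.access_log if a == app]


def demo():
    rm = ResourceManager()
    requested = ["contacts.read", "contacts.write", "contacts.delete"]  # constructed
    token, scopes = rm.grant("mailer-app", requested, approved=["contacts.read"])
    results = [rm.access(token, "contacts.read"),
               rm.access(token, "contacts.delete")]
    rm.revoke(token)
    results.append(rm.access(token, "contacts.read"))
    return scopes, results, rm.report("mailer-app")


if __name__ == "__main__":
    print(demo())
```
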


Facebook's recent UX is good, explains well what's going on and makes it easy for people to decide:

https://i.imgur.com/ZDZC2hO.png

Most of the time the client app breaks, but that's getting better with time.



