"In my opinion, the users should be educated about the very sophisticated permission system on Android instead. The user should learn to determine whether a permission should be required by an app"
That's just ridiculous.
[editing to expand...]
Software firewalls never took off on the windows platform because asking regular users about just one permission (should app X be able to contact the internet?) proved impractical.
Expecting end-users to be able to understand BROADCAST_STICKY ("Allows an application to broadcast sticky intents"), MANAGE_APP_TOKENS ("Allows an application to manage (create, destroy, Z-order) application tokens in the window manager"), and REORDER_TASKS ("Allows an application to change the Z-order of tasks") is pure fantasy.
The more experience with end users I get the more my design goal is security in spite of them. (I recently got an email from a user who was disappointed that a program I wrote prevented him from doing what he wanted to do, even though what he wanted to do was illegal and would expose him to substantial liability.)
"Click next to ruin your life" is not good application design. I shudder at "Carefully evaluate whether any of the following statements allows a malicious person to ruin your life."
Software firewalls never took off on the windows platform because asking regular users about just one permission (should app X be able to contact the internet?) proved impractical.
Have you used Windows lately? Windows Firewall asks me every time a new app tries to connect to the internet. It does that by default.
While I agree that complex security decisions aren't something we should pass on to users. I think computers have hit the ubiquity point where our schools need to teach a basic safe computing course. Much like we teach sex ed.
I don't think this is too much to ask. Anyone who uses apps on Facebook are well aware of the permissions and probably deny some apps beacause of what they ask for.
Sure some of the Android permissions are a little obtuse, but users are definitely aware of those permissions that are important.
That's just ridiculous.
[editing to expand...]
Software firewalls never took off on the windows platform because asking regular users about just one permission (should app X be able to contact the internet?) proved impractical.
Expecting end-users to be able to understand BROADCAST_STICKY ("Allows an application to broadcast sticky intents"), MANAGE_APP_TOKENS ("Allows an application to manage (create, destroy, Z-order) application tokens in the window manager"), and REORDER_TASKS ("Allows an application to change the Z-order of tasks") is pure fantasy.