Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The current problem cases are those where either the app developer can't justify it (flashlight app example in the original article) or is ready to write up actively misleading justifications (purpose-created apps with malware).

Your proposal would help only in combination where after seeing the justification, users can still choose to fake the data anyway. And if the justification isn't obviously acceptable, then a 1* review is a feature, not a problem.



Wouldn't the justification in the case of the flashlight be that they need to mine the data to keep the app free, which would at least be honest. Though gutting misleading apps from the store would be difficult.

I'm concerned more with the problems an app with a legitimate use for the data might have when the user tries a certain feature and it doesn't work properly or worse causes a problem by doing some important operation with the junk data.


If the app doesn't have my consent to have the data, then any attempted use of this data is illegitimate. If I don't want a flashlight app to view my private data, then they don't have my consent no matter what bits the phone and OS sends the app.

That's the key point of system ownership - if the developer of the program wants it to do A, but the owner of the system wants their phone to do B, then doing A is a bug that needs to be worked around. Even if it was explicitly designed and implemented that way, from the viewpoint of the user this is an anti-feature; and the current system architecture that favors the will of the app developer over the will of the user is certainly feasible, but it explicitly means giving up control over the system. And that, IMHO, needs to be fixed.

It's similar to opt-out permissions for email marketing - if some company managed to get "permission" without meaningful consent, it doesn't give any permission and their actions are still immoral and, in some places, illegal. Or click-wrap agreements "signing away" basic consumer rights that (in some places) can't be signed away - again, formal "permission" doesn't imply real permission.


The issue is that an unsophisticated user is unlikely to understand the relationship between permissions required and functionality that can be provided, let alone recalling which permissions they gave to which applications months later. Leading to confusion about why an app doesn't work. The worst part is that junk data will cause the app to fail silently and misbehave in unexpected ways.


Arguably, that's a problem with "junk apps" as much as "junk data".


It could be worst for apps that are not junk (need the permissions for useful features).




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: