I'd like to see the actual uses of the requested permissions added as legally binding commitments by the app developer.
Android does this thing now (which is cool as far as it goes) where it warns you about everything an app could hypothetically do with the access it needs. It's the equivalent of getting a warning every time you install a desktop app saying, "This app could: Delete all your files; Steal your email; Record you on your webcam without your knowledge ..."
What Google could do is add a little "details" link after each requested permission, with a text field from the publisher. Like, "This permission is used to: show icons of your favorites and contacts in the launch area."
The Play Store agreements could clarify that these are legally binding commitments the publisher is making directly to the user (meaning the user could sue if the publisher lied), and require the user to re-approve if the text changed.
That wouldn't stop random developers from just lying, but it would make it pretty likely that an app from Nokia or Yahoo or Disney or whatever was only doing what it said.
Android does this thing now (which is cool as far as it goes) where it warns you about everything an app could hypothetically do with the access it needs. It's the equivalent of getting a warning every time you install a desktop app saying, "This app could: Delete all your files; Steal your email; Record you on your webcam without your knowledge ..."
What Google could do is add a little "details" link after each requested permission, with a text field from the publisher. Like, "This permission is used to: show icons of your favorites and contacts in the launch area."
The Play Store agreements could clarify that these are legally binding commitments the publisher is making directly to the user (meaning the user could sue if the publisher lied), and require the user to re-approve if the text changed.
That wouldn't stop random developers from just lying, but it would make it pretty likely that an app from Nokia or Yahoo or Disney or whatever was only doing what it said.