Having more fine-grained permission controls for power users would be good, but it wouldn't be enough to fix Android's current security model. Most people don't read the permission list (even the simplified one) when installing a new app. Most people aren't power users who would take the time to understand and fiddle with Privacy Guard-like controls.
Granting all-or-nothing permissions at install time is not a viable security model for a consumer-oriented operating system. It could work in an enterprise environment where each new app has to be approved by management and go through a lengthy 'certification' process. However, unlike enterprise apps, Android has otherwise decent security based on the Linux kernel and proven, rock-solid app sandboxing.
Android needs to split the current permission list into two categories: basic ones (like Internet access) that could be granted at install time, and privacy-oriented ones (Camera, Location, etc.) that the user gets prompted for, just like on iOS.
Breaking existing apps could be avoided by feeding them empty or fake data (Location not available, Camera in use by another app, etc.) and providing new APIs to detect rejected permission prompts for developers who decide to update their apps.
Users have a right to privacy and the operating system shouldn't require sysadmin-level knowledge to let them protect their data.