Wednesday, November 26, 2008

Zebra Crossing

... usually, in this context, spelled ZXing.

ZXing is, at its heart, a software barcode scanner for mobile phones: it decodes barcodes from the phone's camera image rather than needing dedicated scanner hardware. This is very useful to application writers: I believe ShopSavvy (mentioned previously) includes a copy of ZXing internally in order to scan barcodes. ZXing is also capable of generating barcodes that other devices can then read from the phone's screen. It's a nifty library, with a lot of potential uses.

However, ZXing (published simply as Barcode Scanner in the official standalone version on the Android Market) seems also to have aspirations of direct use as a social application. In at least the Android version of the app, code exists that will, at the request of another application, read one's contacts list and display on the phone's screen a barcode encoding a chosen contact's details.

This is not really a good thing, for several reasons.

It's not that the act of sharing contact information is inherently bad. Barcodes are probably a more secure method than most for doing so, at that: they're relatively difficult to intercept from across the room, which isn't necessarily true of even encrypted Bluetooth. It also implicitly promises that this will eventually work cross-platform, so that iPhones and Android devices can exchange contact information with relative ease.

But letting a common library, which Barcode Scanner is, have access to contact information isn't really safe. Barcode Scanner holds the contacts permission, so an application that was never granted that permission can still ask Barcode Scanner to read a contact on its behalf. That is the classic confused-deputy situation: it's possible that the library could be tricked into returning contact information, or into some other variant of the same problem. It doesn't appear to verify that the calling application has any sort of access to the contacts list, either.

Furthermore, seeing "read contacts, write contacts, full Internet access" in the permissions-request list, with no explanation given in the application description, should set off warning signals in the user's head, as it did in mine: "wait, you want to do what?" I'm aware that the vast majority of users ignore such prompts, but I'd really prefer they not have reason to do so.

This would all be easily resolvable simply by separating the contacts-access code out into an application distinct from the barcode-reading/displaying library: the former would declare and request the read-contacts and write-contacts permissions, and the latter would have and need no permissions beyond camera access. Whichever component does handle contacts should also check that the application asking it for a contact holds the contacts permission itself, rather than lending out its own.

(In point of fact, as ZXing is open-source, I was able to browse the code and confirm that the potential security issues remain potential rather than actual. But I really shouldn't have had to.)
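The check described above, as an added example that is not ZXing's code and not the author's: a hypothetical Android activity in a separate, contacts-holding application that other apps invoke by Intent. It holds READ_CONTACTS and WRITE_CONTACTS itself, so before it exercises either permission on a caller's behalf it confirms that the caller already holds the same permission; otherwise it would be exactly the confused deputy the post describes. The package, class, action and extra names are all assumptions; only the Android framework calls (getCallingPackage, PackageManager.checkPermission, the Manifest.permission constants) are real.

```java
// Added illustration, not code from ZXing. Package, class, action and extra
// names are hypothetical. The activity lives in a separate app that declares
// READ_CONTACTS and WRITE_CONTACTS; the barcode library itself needs neither.
package com.example.contactbridge;

import android.Manifest;
import android.app.Activity;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.util.Log;

public class ContactBridgeActivity extends Activity {
    private static final String TAG = "ContactBridge";

    // Hypothetical actions: one reads a contact for the caller, one writes one.
    public static final String ACTION_ENCODE_CONTACT = "com.example.contactbridge.ENCODE_CONTACT";
    public static final String ACTION_ADD_CONTACT = "com.example.contactbridge.ADD_CONTACT";
    public static final String EXTRA_CONTACT_URI = "com.example.contactbridge.CONTACT_URI";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Intent intent = getIntent();
        String action = intent == null ? null : intent.getAction();

        // Map each action to the permission the caller must already hold,
        // i.e. the one we would otherwise be exercising on its behalf.
        String required;
        if (ACTION_ENCODE_CONTACT.equals(action)) {
            required = Manifest.permission.READ_CONTACTS;
        } else if (ACTION_ADD_CONTACT.equals(action)) {
            required = Manifest.permission.WRITE_CONTACTS;
        } else {
            refuse("unknown action " + action);
            return;
        }

        if (!callerHolds(required)) {
            refuse("caller lacks " + required);
            return;
        }

        // From here on the activity proceeds as it always did, using its own
        // permission: look up the contact named by EXTRA_CONTACT_URI and draw it
        // as a barcode, or insert the supplied contact. That path is unchanged
        // and not part of this example.
        Log.i(TAG, "caller " + getCallingPackage() + " authorised for " + action);
    }

    /**
     * True only when the calling package can be identified and the package
     * manager says it holds the given permission. getCallingPackage() is null
     * unless the caller used startActivityForResult(), so an anonymous caller
     * is refused as well: the check fails closed, not open.
     */
    boolean callerHolds(String permission) {
        String caller = getCallingPackage();
        if (caller == null) {
            return false;
        }
        if (caller.equals(getPackageName())) {
            return true; // started by our own UI, which already holds the permission
        }
        return getPackageManager().checkPermission(permission, caller)
                == PackageManager.PERMISSION_GRANTED;
    }

    private void refuse(String why) {
        Log.w(TAG, "refusing request: " + why);
        setResult(RESULT_CANCELED);
        finish();
    }
}
```

The declarative alternative is to put android:permission="android.permission.READ_CONTACTS" on the activity element in AndroidManifest.xml, which makes the system enforce the check for every starter, including ones that use plain startActivity() and so would be refused by the code above. The in-code version is shown because it lets one component demand a different permission per action; in practice you would want both, since the manifest attribute can only name a single permission.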

2 comments:

srowen said...

Hi, I am a developer for this project. You make excellent points here.

You are right that ShopSavvy and CompareEverywhere use this library for decoding, focused on UPC/EAN only. They both, obviously, add a far richer product comparison shopping UI.

Note that the client also asks permission to write contacts because QR Codes can contain contact information and the client offers the option to add to your address book.

You are right that we get lots of questions about just this issue: why does it need access to contacts? I suppose one solution is to allow apps to add a description of why each permission is needed, but that might just make it easier for an evil app to convince trusting users to accept its demands.

I think the idea of separating the apps is interesting. You're asking users to separately download another app, or else forgo this functionality. That's a cost. But it does have the benefit you suggest.

It doesn't solve the problem of writing contacts though. If you farm that out to a separate app, then it has to be able to accept contact information from another app, to write. That other app didn't ask for write permission though. This is a sort of problem with per-app permissions but the ability for apps to cooperate via Intents.

Net-net, not sure, seems like the benefits of packaging it all up together are worth the cost. But it's a great point to consider.

The Umbrella Guy said...

Yay! My first comment! Sorry; I'm still unfamiliar with the interface here.

... I also typed up a reply, but it was longer than I expected, so I'm going to save it for tomorrow and make a post out of it. Yay! Post material!