Want to enlighten this guy?
2 views
Skip to first unread message
Mark Otway
Oct 5, 2009, 12:26:16 AM10/5/09
to Newsrob Group
http://feedproxy.google.com/~r/androidguyscom/~3/0rt6vw39IV4/
Seems like you could set the record straight and get some publicity...
Mariano Kamp
Oct 5, 2009, 1:37:29 AM10/5/09
to new...@googlegroups.com
Thanks for the heads-up Mark. Matthias also sent this to me and I got two more emails that raise the topic of Login independently(?).
But I am tired, I don't want to set the record straight. I have a really busy week coming up and if he doesn't use NewsRob that's cool with me. If he wanted my opinion he would have asked.
I really hope for Android 2.0 to offer an officially supported way to authenticate against Google and authorize just the subset of the account I need (the Google Reader part).
He just doesn't get that all the "alternatives" he mentions will still allow reading his email and stealing his identity.
Mark Otway
Oct 5, 2009, 1:49:32 AM10/5/09
to new...@googlegroups.com
No worries, I'm tired too. ;-)
I'll post a response while my coffee brews later...
On Oct 5, 2009 6:37 AM, "Mariano Kamp" <marian...@gmail.com> wrote:
Thanks for the heads-up Mark. Matthias also sent this to me and I got two more emails that raise the topic of Login independently(?).But I am tired, I don't want to set the record straight. I have a really busy week coming up and if he doesn't use NewsRob that's cool with me. If he wanted my opinion he would have asked.I really hope for Android 2.0 to offer an officially supported way to authenticate against Google and authorize just the subset of the account I need (the Google Reader part).
He just doesn't get that all the "alternatives" he mentions will still allow reading his email and stealing his identity.
On Mon, Oct 5, 2009 at 6:26 AM, Mark Otway <ma...@otway.com> wrote: > > http://feedproxy.google.com...
Pierre
Oct 5, 2009, 1:53:13 AM10/5/09
to NewsRob User Group
What is the problem with the current "automatic login method" ?
On Oct 5, 7:49 am, Mark Otway <m...@otway.com> wrote:
> No worries, I'm tired too. ;-)
>
> I'll post a response while my coffee brews later...
>
>
> http://feedproxy.google.com...
On Oct 5, 7:49 am, Mark Otway <m...@otway.com> wrote:
> No worries, I'm tired too. ;-)
>
> I'll post a response while my coffee brews later...
>
> On Oct 5, 2009 6:37 AM, "Mariano Kamp" <mariano.k...@gmail.com> wrote:
>
> Thanks for the heads-up Mark. Matthias also sent this to me and I got two
> more emails that raise the topic of Login independently(?).
> But I am tired, I don't want to set the record straight. I have a really
> busy week coming up and if he doesn't use NewsRob that's cool with me. If he
> wanted my opinion he would have asked.
>
> I really hope for Android 2.0 to offer an officially supported way to
> authenticate against Google and authorize just the subset of the account I
> need (the Google Reader part).
> He just doesn't get that all the "alternatives" he mentions will still allow
> reading his email and stealing his identity.
>
> On Mon, Oct 5, 2009 at 6:26 AM, Mark Otway <m...@otway.com> wrote: > >
>
> Thanks for the heads-up Mark. Matthias also sent this to me and I got two
> more emails that raise the topic of Login independently(?).
> But I am tired, I don't want to set the record straight. I have a really
> busy week coming up and if he doesn't use NewsRob that's cool with me. If he
> wanted my opinion he would have asked.
>
> I really hope for Android 2.0 to offer an officially supported way to
> authenticate against Google and authorize just the subset of the account I
> need (the Google Reader part).
> He just doesn't get that all the "alternatives" he mentions will still allow
> reading his email and stealing his identity.
>
>
> http://feedproxy.google.com...
Mariano Kamp
Oct 5, 2009, 1:58:28 AM10/5/09
to new...@googlegroups.com
Pierre,
what is the current "automatic login method"? The method described in the 2nd part of the article?
It's unofficial and won't prevent identity theft as it gives full access to your Google account, including your mail and documents.
The previous discussion with more details:
Mariano
Mark Otway
Oct 5, 2009, 2:23:16 AM10/5/09
to new...@googlegroups.com
I've had a bit of a rant. Think I covered just about everything. ;-)
On Oct 5, 2009 6:58 AM, "Mariano Kamp" <marian...@gmail.com> wrote:
Pierre,what is the current "automatic login method"? The method described in the 2nd part of the article?It's unofficial and won't prevent identity theft as it gives full access to your Google account, including your mail and documents.The previous discussion with more details:
MarianoOn Mon, Oct 5, 2009 at 7:53 AM, Pierre <pierre...@gmail.com> wrote: > > > What is the problem wi...
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are sub...
Mariano Kamp
Oct 5, 2009, 2:27:12 AM10/5/09
to new...@googlegroups.com
You seem to have crashed their server :-)
I'll try again later. I hope you kept it friendly?
Written on a mobile device.
> > On Oct 5, 2009 6:58 AM, "Mariano Kamp" <marian...@gmail.com> wrote: > > Pierre, > > what i...
MarianoOn Mon, Oct 5, 2009 at 7:53 AM, Pierre <pierre...@gmail.com> wrote: > > > What is the problem wi...
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are sub...
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are s...
Mark Otway
Oct 5, 2009, 2:53:15 AM10/5/09
to new...@googlegroups.com
I'm always friendly. :-)
On Oct 5, 2009 7:27 AM, "Mariano Kamp" <marian...@gmail.com> wrote:
You seem to have crashed their server :-)
I'll try again later. I hope you kept it friendly?
Written on a mobile device.
> > On Oct 5, 2009 6:58 AM, "Mariano Kamp" <marian...@gmail.com> wrote: > > Pierre, > > what i...
> > Mariano > > On Mon, Oct 5, 2009 at 7:53 AM, Pierre <pierre...@gmail.com> wrote: > > > What i...
Mariano Kamp
Oct 5, 2009, 3:07:06 AM10/5/09
to new...@googlegroups.com
Hey Mark,
I read it: http://www.androidguys.com/2009/10/04/5-nice-apps-i-refuse-to-use/#IDComment37268076
And I voted it up.
Thanks for the time you put in. That saves my time and is much more valuable to me than a donation ;-)
Let's hope that Google will come up with a solution soon. Having thought about this a bit more on my trip to work I feel that it is not around the corner though. The major point for me is not the credentials, but to get an authorization that is locked down to an area like Google Reader, as you mentioned in your comment. As far as I know the Google backend doesn't support that yet.
Anyway, if anybody thinks that it's not a good idea to expose themselves until a proper solution is found, I can totally relate to that. It's just that I for myself chose to hand my credentials out to anybody that doesn't seem fishy and offers me value. So if anybody of you guys get a mail from me offering sexual services or Windows programming, then my identity was stolen ;-)
Ok, have to work now.
Cheers,
Mariano
I read it: http://www.androidguys.com/2009/10/04/5-nice-apps-i-refuse-to-use/#IDComment37268076
And I voted it up.
Thanks for the time you put in. That saves my time and is much more valuable to me than a donation ;-)
Let's hope that Google will come up with a solution soon. Having thought about this a bit more on my trip to work I feel that it is not around the corner though. The major point for me is not the credentials, but to get an authorization that is locked down to an area like Google Reader, as you mentioned in your comment. As far as I know the Google backend doesn't support that yet.
Anyway, if anybody thinks that it's not a good idea to expose themselves until a proper solution is found, I can totally relate to that. It's just that I for myself chose to hand my credentials out to anybody that doesn't seem fishy and offers me value. So if anybody of you guys get a mail from me offering sexual services or Windows programming, then my identity was stolen ;-)
Ok, have to work now.
Cheers,
Mariano
Shahpur
Oct 5, 2009, 5:08:26 AM10/5/09
to NewsRob User Group
hmm i have to say that the article DID really influence me...it's
scary to know that any 3rd party developer using googles APIs will
have potential access to all other google accounts you use because of
the single sign on. It's also scary that i didn't think about this
myself, coming from an IT company and having a Computer Science
degree, im surprised at how easily i shared my login data without
thinking much about what it means to give an google analytics android
app your login...
I DO trust mariano because fraudsters definetly don't interact like
him with the users, but i don't want to make a habit out of it and
give away my google login data to any other app i want to try. And i
think it's good if everybody thinks like this.
Therefore i used another old and dead gmail account now, which i had
for many years (never used it), and set up my feeds and google
analytics for my blog as a seperate user.
I don't want to have the slightest possibility that somebody could get
access to my emails from my gmail main account.
So, thanks for the heads up. I was enlightened, but in another way the
thread opener might have wanted :)
bye,
shahpur
scary to know that any 3rd party developer using googles APIs will
have potential access to all other google accounts you use because of
the single sign on. It's also scary that i didn't think about this
myself, coming from an IT company and having a Computer Science
degree, im surprised at how easily i shared my login data without
thinking much about what it means to give an google analytics android
app your login...
I DO trust mariano because fraudsters definetly don't interact like
him with the users, but i don't want to make a habit out of it and
give away my google login data to any other app i want to try. And i
think it's good if everybody thinks like this.
Therefore i used another old and dead gmail account now, which i had
for many years (never used it), and set up my feeds and google
analytics for my blog as a seperate user.
I don't want to have the slightest possibility that somebody could get
access to my emails from my gmail main account.
So, thanks for the heads up. I was enlightened, but in another way the
thread opener might have wanted :)
bye,
shahpur
Mariano Kamp
Oct 5, 2009, 5:17:41 AM10/5/09
to new...@googlegroups.com
I totally understand your point of view.
The approach you use is not as convenient, because you can't have *your* gmail session and the google reader session in the same browser, but it works if you use Safari (or whatever) for one and Firefox for the other.
The approach you use is not as convenient, because you can't have *your* gmail session and the google reader session in the same browser, but it works if you use Safari (or whatever) for one and Firefox for the other.
Shahpur
Oct 5, 2009, 5:27:00 AM10/5/09
to NewsRob User Group
Yes thats true. The good thing here is, that i actually don't use
google reader at all for desktop reading. :)
The only reason i'm using google reader to get rss feeds is, to be
able to use NewsRob on my HTC Hero, since it's the best rss reader out
there.
So other than adding some new feeds i will actually never need access
to my google reader account at the same time of my gmail account.
Btw: i added my comment to the article too, but also stating that
NewsRob is the best rss reader solution i ever used (winmobile,
symbian, android), and it definetly should still be used by opening a
seperate GR acount. I'm trying to push GR everywhere possible, and
soon i'll add an in-depth review on my blog.
On 5 Okt., 11:17, Mariano Kamp <mariano.k...@gmail.com> wrote:
> I totally understand your point of view.
>
> The approach you use is not as convenient, because you can't have *your*
> gmail session and the google reader session in the same browser, but it
> works if you use Safari (or whatever) for one and Firefox for the other.
>
google reader at all for desktop reading. :)
The only reason i'm using google reader to get rss feeds is, to be
able to use NewsRob on my HTC Hero, since it's the best rss reader out
there.
So other than adding some new feeds i will actually never need access
to my google reader account at the same time of my gmail account.
Btw: i added my comment to the article too, but also stating that
NewsRob is the best rss reader solution i ever used (winmobile,
symbian, android), and it definetly should still be used by opening a
seperate GR acount. I'm trying to push GR everywhere possible, and
soon i'll add an in-depth review on my blog.
On 5 Okt., 11:17, Mariano Kamp <mariano.k...@gmail.com> wrote:
> I totally understand your point of view.
>
> The approach you use is not as convenient, because you can't have *your*
> gmail session and the google reader session in the same browser, but it
> works if you use Safari (or whatever) for one and Firefox for the other.
>
Mariano Kamp
Oct 5, 2009, 6:03:18 AM10/5/09
to new...@googlegroups.com
Sounds great. Thanks for your support.
Pierre
Oct 6, 2009, 6:11:30 PM10/6/09
to NewsRob User Group
I think the main problem is : apps have access to ALL the google
account
On 5 oct, 12:03, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Sounds great. Thanks for your support.
>
account
On 5 oct, 12:03, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Sounds great. Thanks for your support.
>
Mariano Kamp
Oct 7, 2009, 2:20:07 AM10/7/09
to new...@googlegroups.com
Exactly.
The actual username/password and the inconvenience to enter them are just minor points in comparison to that.
There is just one door into google, no matter where you wanna go.
Written on a mobile device
On Oct 7, 2009 12:11 AM, "Pierre" <pierre...@gmail.com> wrote:
I think the main problem is : apps have access to ALL the google
account
On 5 oct, 12:03, Mariano Kamp <mariano.k...@gmail.com> wrote: > Sounds great. Thanks for your suppo...
> On Mon, Oct 5, 2009 at 11:27 AM, Shahpur <shahpur.azizp...@gmail.com> wrote: > > > Yes thats true....
Pierre
Oct 7, 2009, 4:41:10 AM10/7/09
to NewsRob User Group
we need new android permissions !
for example : "access gmail" , "access calendar" , "access
greader" ...
do you know if "API creators" (google, yahoo, microsoft) can create
new custom android permissions ?
On Oct 7, 8:20 am, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Exactly.
> The actual username/password and the inconvenience to enter them are just
> minor points in comparison to that.
> There is just one door into google, no matter where you wanna go.
>
> Written on a mobile device
>
for example : "access gmail" , "access calendar" , "access
greader" ...
do you know if "API creators" (google, yahoo, microsoft) can create
new custom android permissions ?
On Oct 7, 8:20 am, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Exactly.
> The actual username/password and the inconvenience to enter them are just
> minor points in comparison to that.
> There is just one door into google, no matter where you wanna go.
>
> Written on a mobile device
>
Mariano Kamp
Oct 7, 2009, 4:50:51 AM10/7/09
to new...@googlegroups.com
Well, the android part is one thing, but the google backend would also need this level on granularity.
It's not rocket science and there is a need for that in web apps too, so I would think this will be implemented at some point in time.
Permissions are just provided by the OS. But it's really not a problem. NewsRob could fire an intent that it wants to access the Google Reader part and a Google app receives it, asks the user if it's "ok", "not ok", "always great", "never great". This app will then return a signed token that NewsRob, or others, can use to access the APIs.
It's not rocket science and there is a need for that in web apps too, so I would think this will be implemented at some point in time.
Permissions are just provided by the OS. But it's really not a problem. NewsRob could fire an intent that it wants to access the Google Reader part and a Google app receives it, asks the user if it's "ok", "not ok", "always great", "never great". This app will then return a signed token that NewsRob, or others, can use to access the APIs.
Pierre
Oct 7, 2009, 5:06:18 AM10/7/09
to NewsRob User Group
ok, you describe the "facebook system"
when a facebook app on android (Babbler for me) need to access
facebook (contacts,wall, ...),
it access the facebook website and ask for permissions (like all apps
in facebook)
I think i've a better idea (for google) :
- to access to a "complex website with API" (google, facebook,
hotmail) you need to install an "API app" on your phone (for each
"website")
- installing an "API app" installs also new "android api permission"
examples of "API app" and "android api permissions" :
google : "access gmail" , "access calendar", "access greader",
"search on google"
hotmail/microsoft : "access hotmail" , "search on bing"
facebook : "contacts" , "wall" , "event", "notification"
but, it's just an idea :)
(sorry for my english)
On Oct 7, 10:50 am, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Well, the android part is one thing, but the google backend would also need
> this level on granularity.
> It's not rocket science and there is a need for that in web apps too, so I
> would think this will be implemented at some point in time.
>
> Permissions are just provided by the OS. But it's really not a problem.
> NewsRob could fire an intent that it wants to access the Google Reader part
> and a Google app receives it, asks the user if it's "ok", "not ok", "always
> great", "never great". This app will then return a signed token that
> NewsRob, or others, can use to access the APIs.
>
when a facebook app on android (Babbler for me) need to access
facebook (contacts,wall, ...),
it access the facebook website and ask for permissions (like all apps
in facebook)
I think i've a better idea (for google) :
- to access to a "complex website with API" (google, facebook,
hotmail) you need to install an "API app" on your phone (for each
"website")
- installing an "API app" installs also new "android api permission"
examples of "API app" and "android api permissions" :
google : "access gmail" , "access calendar", "access greader",
"search on google"
hotmail/microsoft : "access hotmail" , "search on bing"
facebook : "contacts" , "wall" , "event", "notification"
but, it's just an idea :)
(sorry for my english)
On Oct 7, 10:50 am, Mariano Kamp <mariano.k...@gmail.com> wrote:
> Well, the android part is one thing, but the google backend would also need
> this level on granularity.
> It's not rocket science and there is a need for that in web apps too, so I
> would think this will be implemented at some point in time.
>
> Permissions are just provided by the OS. But it's really not a problem.
> NewsRob could fire an intent that it wants to access the Google Reader part
> and a Google app receives it, asks the user if it's "ok", "not ok", "always
> great", "never great". This app will then return a signed token that
> NewsRob, or others, can use to access the APIs.
>
Mariano Kamp
Oct 7, 2009, 6:00:38 AM10/7/09
to new...@googlegroups.com
The permissions are defined by the OS. Google Reader (or whatever) comes after that, so the OS cannot provide permissions for them.
But anyway, I couldn't do much about it. This is something that Google needs to do. Here is a relevant bug report/feature request: http://code.google.com/p/android/issues/detail?id=1073 You may want to read/contribute to it?
But anyway, I couldn't do much about it. This is something that Google needs to do. Here is a relevant bug report/feature request: http://code.google.com/p/android/issues/detail?id=1073 You may want to read/contribute to it?
Shahpur
Oct 7, 2009, 6:10:56 AM10/7/09
to NewsRob User Group
That doesn't sound exactly more comfortable, than the facebook
method. :) I think the way mariano described it, would be the most
efficient way. Any user could easily give and take away access to any
google service for an app at will, and thats how it should be.
I think facebook has the best solution in that regard, and google has
to come up with something soon. Right now the risk for giving away
your google login is just too high.
Bye,
shahpur
method. :) I think the way mariano described it, would be the most
efficient way. Any user could easily give and take away access to any
google service for an app at will, and thats how it should be.
I think facebook has the best solution in that regard, and google has
to come up with something soon. Right now the risk for giving away
your google login is just too high.
Bye,
shahpur
Reply all
Reply to author
Forward
0 new messages