Commit b0357cc7 authored by Simon McVittie's avatar Simon McVittie

Add use cases for revoking and unrevoking permissions

Apertis: Simon McVittie's avatarSimon McVittie <>
Reviewed-by: Emanuele Aina's avatarEmanuele Aina <>
Differential Revision:
parent a8a8babe
......@@ -469,6 +469,40 @@ in Android, Flatpak or iOS, but it would be straightforward for any of these
frameworks to do so: they would merely have to stop presenting a user
interface for that permission, and make requests for it always succeed.
### Changing access
An Apertis user uses a Facebook app-bundle. The user wants their location at
various times to appear on their Facebook feed, so they give the app-bundle
permission to monitor his location, as in [Location] above.
Later, that user becomes more concerned about their privacy. They want to
continue to use the Facebook app-bundle, but prevent it from accessing their
new locations. They use a user interface provided by the system vendor,
perhaps a [system preferences application], to reconfigure the permissions
granted to the Facebook app-bundle so that it cannot access their location.
Later still, that user wants to publish their location to their Facebook feed
while on a road trip. They reconfigure the permissions granted to the
Facebook app-bundle again, so that it can access their location again.
#### Security implications
This use-case is applicable if the user's perception of the most appropriate
trade-off between privacy and functionality changes over time.
#### In other systems
Android 6.0 and later versions have a
[user interface][Android app permissions] to revoke and reinstate broad
categories of permissions. Older [Android] versions had a hidden control
panel named [App ops][Android AppOps] controlling the same things at a
finer-grained level (individual permissions), but it was not officially
[iOS] allows permissions to be revoked or reinstated at any time via
the [Privacy page in its Settings app][iOS Privacy settings], which is the
equivalent of the Apertis [system preferences application].
## Potential future use-cases
Use cases described in this section are not intended to generate requirements
......@@ -1120,6 +1154,8 @@ Usage descriptions not corresponding to a use-case in this document include:
<!-- External links -->
[Android AppOps]:
[Andoid app permissions]:
[Android calendar permissions]:
[Android calendar sync adapters]:
[Android contact management]:
......@@ -1130,6 +1166,7 @@ Usage descriptions not corresponding to a use-case in this document include:
[Flatpak Portals]:
[GNOME Calendar]:
[iOS fingerprinting]:
[iOS Privacy settings]:
[Kernel-based Virtual Machine]:
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment