Not really; this depends on how the OS developer implements denying various permissions. For example, your app already has to handle empty address books, location services reporting valid, fixed locations, and SMS messages not arriving; it also can't assume network and messaging services are available, even in the absence of permission problems.

But I absolutely would still want guaranteed permissions: If my app needs Internet to make money, then I don't want someone to be able to use it if they're blocking Internet for the app

How do you currently handle limited, filtered, or no Internet access for reasons other than lack of permission grants? Why can't you handle permission-based Internet blocking in the same way?

If the OS handles it transparently, then sure, it could work. But as I understand things, that's why the CyanogenMod "feature" of selective permission disabling fails: If I ask whether the Internet has a valid signal, and it unexpectedly throws an error, then my app will either crash or behave in an untested way (depending on whether I'm catching top-level errors and continuing to run anyway). I don't know how the 4.3 feature handles it.

I don't want users to have the ability to disable Internet, though; not if I'm writing an ad-supported app. I don't want to kill the app on devices that simply never connect to the Internet either, so I'd prefer if the OS guaranteed that, IF there's an Internet connection, it will give me full access to it.

Perhaps that's the hardest part to test about the Cyanogen-style permissions disabling: that there's no uniform way Android handles a missing permission. Sometimes the API will throw an exception, while other times it returns a null Object.

Your average app already has significantly more than 255 permutations of code paths. While testing every permutation with e.g. automated tests is a great way to try and ensure full coverage, simply handling each once will often be sufficient: a significant number of these permissions, properly handled, will be orthogonal to the others.

Many disabled permissions aren't adding fundamental complexity: What's the functional difference to your code when it reads 0 contacts from my address book because I don't have any, vs when it reads 0 contacts from my address book because I disabled the permission? You already need to handle the former.

You're right in that it would be possible to have the OS report "0 contacts" instead of throwing an error, and THAT case should be handled.

In fact, I'd love to have the ability to block reading of contacts from all apps except ones I explicitly allow. It's the more basic "INTERNET" permission that is core to monetizing apps that I take umbrage with blocking; if someone is using my contacts somehow to monetize their app, that's not cool, and I absolutely wouldn't want to use an app that did that.

...or to write your own wrapper which does the same by handling the exception, and to then exclusively use that wrapper in your client code.

Catching the error isn't even half the battle, either. If you want the app to "work," you need to explicitly test the full set of permissions any particular block of code might need prior to enabling aspects of your UI that require them, or your app is going to behave badly.

At best, your proposed solution would prevent the app from crashing, though it could still get into a bad state -- a non-modal dialog waiting for a particular result could never be closed, for example, because of an unexpected throw that skipped over the proper cleanup code. Yes, that code SHOULD be in a finally{} clause, but what if you missed something? I'm an awesome developer in a lot of ways, probably even a 10x+ developer, but I don't consider myself perfect. Do you?

Have you developed apps for Android as an indie developer? Or for iOS? How much extra time would you want to spend to cover corner cases like this, instead of adding features that might actually improve your revenues or ratings?

How likely is it that you'd successfully handle all 255 extra permutations with no real testing? And don't think unit tests would solve the problem: You'd really need full functional and UI tests, probably with a human to really be sure that you're covered. Some apps really don't work without certain permissions (say an Internet chat app with no INTERNET permission), so be sure you have reasonable error messages that explain to the user that the app can't work if you don't give it the right permission. And word the message so that your average non-techie will understand it, or be prepared for lots of negative ratings with "app doesn't work! uninstalled!" comments.

No, making it easy for people to kill permissions on an app is the wrong answer. Giving developers the ability to optionally query sets of permissions reduces the complexity from exponential to constant, and allows for optional features to exist in an app.

I don't consider myself a 10x developer, nevermind a perfect developer. But I still think you're continuing to overstate the difficulty of minimizing the combinatorial effects and general difficulty of handling missing permissions. You can certainly make a herculean task out of it if you want to, however.

> Have you developed apps for Android as an indie developer? Or for iOS?

Depends on how you're defining both "developed apps" and "indie".

> How much extra time would you want to spend to cover corner cases like this, instead of adding features that might actually improve your revenues or ratings?

While I certainly wouldn't relish platform mandated "busywork" as a developer, I've seen much worse and much more pointless work than such.

> How likely is it that you'd successfully handle all 255 extra permutations with no real testing?

How likely is it that you'd successfully handle all execution of your app even with real testing? For anything sufficiently complex, statistics will eventually catch up with you, and your chance will, when rounded, come to a nice and magical number... nil. Zero.

Mistakes will happen, complexity will happen, and removing features in an attempt to prevent the inevitable from eventually striking is the wrong answer. Don't get me wrong, permissions sets are a fine way to help reduce that complexity without necessarily harming the other goals. And it'd be nice to have it done for you. And it'd be nice to have it done as atomic sets. But I remain unconvinced it's unreasonable to manage without those niceties.

( although as a matter of personal taste, if I want to kill INTERNET and just read my chat app's logs or settings I'd like to be able to do that -- and can at the OS level by turning off both mobile data and wifi, your monetization strategy be damned.)

Spent time (and money) on your own initiative to develop an app that's been published in the Android and iOS stores.

I spent my own time developing a game that's in the Android and iOS app stores.

> How likely is it that you'd successfully handle all execution of your app even with real testing?

My point wasn't about bugs. My point was about execution path coverage: If code has never been hit, then it may contain hidden bugs.

And if I'm doing things right, 100% of the code would be executed in testing. There are techniques to specifically track code coverage, so you don't need to wonder whether a code path has been triggered, but in general I don't write code and then never execute it.

> But I still think you're continuing to overstate the difficulty of minimizing the combinatorial effects and general difficulty of handling missing permissions.

It's your right to believe as you will.

Then no.

> My point wasn't about bugs. My point was about execution path coverage: If code has never been hit, then it may contain hidden bugs.

"it may contain hidden bugs" sounds like, at the end of the day, your point was about bugs. Any distinction you're trying to make is too subtle for me to pick up on without spelling it out more.

> And if I'm doing things right, 100% of the code would be executed in testing.

There's a big difference between executing all code, and executing all permutable paths into said code on a micro level (e.g. function by function), and executing all permutable paths into said code on a macro level.

I've been in the unfortunate position of having even the first option being literally impossible for parts of a codebase. Lack of complete test environments for your mandatory 3rd party APIs suck! You can write your own mocks, but that's not exactly the same thing -- especially when you don't know what kind of quirks to expect. And as you might expect, it did lead to a bug! Fortunately, patching on both Android and iOS is significantly easier, and equally fortunately, the bug was later found, patched, and the patch shipped successfully.

And while I think "complete" test coverage of every possible permutation is a nice thing to strive for on a micro level, at a sufficiently macro level it becomes effectively impossible. Techniques like fuzzing let you test that a significant majority of combinations works out in your favor, but there will always be the 0.0001% corner case. Well before "impossible" comes "overkill".

I suspect we have a fundamental disagreement of opinion as to what constitutes "overkill".

Of course it was. It's always about bugs.

But code that has never been executed can have orders of magnitude more categories of bug than code that works at least once. And I'm good enough that 99% of the time I don't miss the corner cases -- it's the more blatant problems that tend to bite me, and those are eliminated by making sure all the code gets executed at least once. Once my code is wired up right, it tends to work. But I won't know if it's wired up right until it's been executed once.

>Lack of complete test environments for your mandatory 3rd party APIs suck!

Try writing code for systems without the ability to debug. Or where something is going wrong and there's no way to figure out why based on logging or debugging. Or without complete (or correct!) documentation. Or for projects where, once you ship, there is no option to patch your app, so it needs to be as close as possible to bug free. Thankfully modern platforms (mostly!) avoid the last pitfall, but I've been there, along with the other situations. And I win these battles.

>I suspect we have a fundamental disagreement of opinion as to what constitutes "overkill".

No, I'm just not communicating effectively. And it's no longer worth it for me to try any harder.

FWIW, I'm not talking about complete test coverage. The apps I usually write (games) are almost entirely pointless to write tests for. Ever. Sure you can for some specific libraries you're using, but for the actual game itself? Hardly ever worth it.

I've shipped games with zero chance for patching, some pretty popular -- and I didn't hear of any bugs worth mentioning after release. And there were no tests involved in the development process (other than the kind where QA tests the game and tells me what doesn't work). I know that concept is a bit alien on HN, but it's rare to find a game (or even a game engine) with a nontrivial test suite.

Most game bugs wouldn't be prevented with unit tests anyway -- probably only one in a hundred at best. They almost always result from emergent complexity, not from a single function returning a bad value.

Maybe I'm taking your repeated reference to testing all 256 permutations too literally.

> Try writing code for systems without the ability to debug. Or where something is going wrong and there's no way to figure out why based on logging or debugging. Or without complete (or correct!) documentation. Or for projects where, once you ship, there is no option to patch your app, so it needs to be as close as possible to bug free. Thankfully modern platforms (mostly!) avoid the last pitfall, but I've been there, along with the other situations. And I win these battles.

At least I've dodged one of those bullets: I haven't worked on anything outright unpatchable just yet :).

> No, I'm just not communicating effectively. And it's no longer worth it for me to try any harder.

I appreciate the effort you've made.