• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: June 2nd, 2023

help-circle

  • Just to clarify, it’s not just that there’s an Android API to ask for permissions that apps use to show a consistent UI: that’s the way that apps actually get access to whatever feature they’re requesting, and if they don’t go through that API they don’t get access. An app can’t just decide in an update that it wants access to contacts without asking. The Android API to get contact info checks the app requesting the info and won’t give it anything if the user hasn’t explicitly granted that permission to that app. Most commonly when something like this comes up it’s a permission that was granted in the set of permissions requested when the app was installed and the user just skipped through the prompt and they don’t realize they granted access to contacts.

    For the curious, here’s the Android developer guide page that describes how Contacts permissions work for app authors. And the page describing permissions in general, how to request, etc.

    Edit to add: You can go into the settings for the app (not in the app itself, but in the app manager under your device settings, usually also accessible by holding on the app’s launcher icon and going to Info) and you can remove permissions that you’ve granted previously. So if you’re worried about this you can yank the Contacts permissions at the OS level and it doesn’t matter what the Discord settings are, they won’t be able to access your contacts anymore.


  • Squiddles@beehaw.orgtoTechnology@beehaw.org*Removed, please disregard*
    link
    fedilink
    English
    arrow-up
    11
    ·
    edit-2
    11 months ago

    Access to Contacts has to go through the Android API, which means the user has to explicitly grant permission for Discord to access that specific functionality. That’s what the comment you’re replying to meant: access to contacts is protected at the operating system level and they’ve seen the source code on the OS side. Permissions might have been granted by the user reflexively, just muscle memory, when setting up Discord, but it absolutely had to have happened if Sync Contacts was enabled. Unless there’s some kind of bug where Discord enables the in-app setting without actually having the permissions to access contacts–I guess that could be possible. It couldn’t actually see any contact info in that instance, but it would try. If I go into Discord settings and try to enable the Sync Contacts option my phone displays the built-in Android permissions prompt with the text “Allow Discord to access your contacts?”




  • Finally something I’m actually qualified to weigh in on! I’m the lead UI developer for an EHR software (not saying which one or getting into details–it’d be pretty easy to figure out my identity).

    First, to be fair, it’s possible that the software they’re using is genuinely terrible. They don’t say which EHR. I’ve heard this kind of thing from providers before, though, and it’s usually that they don’t know how to use the software. From the way the article describes the provider, it sounds like they’re stuck in paper and don’t want to learn a new way of doing things. On the one hand, fair enough–patient care should be their primary concern. On the other hand, patient care is so much easier, faster, and more accurate in an EHR.

    In my EHR you select a patient and can get a full visit summary on any visit the patient has ever had with a couple of mouse clicks. Immunizations, clinical notes, radiology, goals, problems, vitals, education–everything that happened during the visit. There are built-in tools for reminders that automatically notify you of things that are important for the visit based on previous visits, contraindication checks for medications, tracking of fluid balance, integrated documentation for clinical reference and distributing to patients, etc, etc.

    That’s not even to mention things like compliance for clinical quality measure reporting, integrating with state immunization registries, easy export of data to external facilities (eg, CCDA), using digital signatures for non-repudiation of controlled substance prescriptions, automagically pinging requests and data around to the different departments, etc. So many things that used to rely on a human squinting at a paper now just happen, with a built-in audit trail.

    As for billing: we (developers, testers, and project/product managers) HATE billing. It’s a necessary evil, but we package it off as a separate plugin. It can pull procedure codes and the like from the database to do its job, but to suggest that billing is the only reason to use an electronic health record is astoundingly ignorant. Patient care is the primary concern of everyone who actually has hands on the application. Most of us are former providers who just happen to be alright at coding.