Hey Paul,

On 09/02/2015 12:41, Paul Theriault wrote:
> === SMS ===
> SMS is risky mainly due to the cost involved. Risks include cost of sending
> SMS and also SMS are very sensitive - e.g. often used in 2-factor auth (e.g.
> banking)
>
> But there are different use cases. For example, many use cases just need the
> ability to receive SMS - instead of granting SMS permission, we could expose
> a read-only SMS datastore which other apps could observe changes on which
> removes the cost risk (but not the sensitive data risk).

I don't understand how having read-only access would prevent a webpage from reading a 2-factor auth SMS. I wonder if we could have a permission as fine as giving access to a specific thread? Or access to some properties (the phone numbers) but not others (the SMS content)? I'm also not sure how a user can choose knowingly whether he should give access to such things from this webpage :/
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g