On 10 Feb 2015, at 9:52 pm, Julien Wajsberg <jwajsb...@mozilla.com> wrote:

> Hey Paul,
> 
> On 09/02/2015 12:41, Paul Theriault wrote:
>> === SMS  ===
>> SMS is risky mainly due to the cost involved. Risks include cost of sending 
>> SMS and also SMS are very sensitive - e.g. often used in 2-factor auth (e.g. 
>> banking)
>> 
>> But there are different use cases. For example, many use cases just need the 
>> ability to receive SMS - instead of granting SMS permission, we could expose 
>> a read-only SMS datastore which other apps could observe changes on which 
>> removes the cost risk (but not the sensitive data risk). 
> 
> I don't understand how having a read only access would prevent a webpage
> from reading a 2-factor auth SMS.

That's what I meant by: "… which removes the cost risk (but not the sensitive 
data risk). "

> 
> I wonder if we could have a permission as fine as giving access to a
> specific thread ?
> Or access to some properties (the phone numbers) but not others (the SMS
> content) ?

Maybe whitelist by contact? “Share SMS messages from Fred Bloggs with the XYZ 
app?”
Sounds pretty complex though for your average user.

> 
> I'm also not sure how a user can choose knowingly whether he should give
> access to such things from this webpage :/
> 
> _______________________________________________
> dev-b2g mailing list
> dev-b2g@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-b2g
