On Thu, Mar 15, 2012 at 9:31 PM, Justin Lebar <[email protected]> wrote: >> There is still an open question on how a permissions manager should >> respond in the event of a DENIED permission. One suggestion is to not >> error out but return some default/safe value e.g. no contacts if an >> app is not granted Contacts information. A concern of this proposal >> is that an app may continue to poll for a permission until it is >> granted or an app may pop up a dialog to have the user grant the >> permission. > > I don't understand this. Can you give a concrete example of what the > problem is here, for example with the current geolocation API?
i believe david is referring to an app carrying out psychological bullying / blackmail attacks on its users, by repeatedly demanding permission for access, would that be a correct assessment, david? l. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
