On Mar 16, 2012, at 4:47 AM, Ben Francis wrote: > But surely there is no difference between a B2G app and a Gaia app. A B2G app > is an Open Web App and a Gaia app is just an Open Web App written by Mozilla. > > A device may ship with one or more app store apps which have permission to > install and un-install Open Web Apps. > > A device may also ship with pre-installed apps which already have permissions > assigned to them by the vendor on the user's behalf. > > The user can view and change the permissions given to all apps (including app > store apps) using the permissions manager. > > Ben
My understanding is that some apps that have sensitive monetizable privileges (dialer, sms, etc) will only be available from specific app stores. The reason is that these apps could make calls or send sms's in the background, without the user's awareness. This is a big liability and therefore carriers want to control which apps are permitted to do so. Seems to me that if some apps have direct access to such sensitive APIs, we should ensure their integrity and authenticity. Lucas. _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
