On Mar 23, 2012, at 1:51 AM, JOSE MANUEL CANTERA FONSECA wrote:

>> === Installed applications with WebAPI access ===
>
> Why don't you call them 'Trusted Installable Applications'? The user could
> also install a Web Application but which has not been discovered through
> an app store and as a result, it might not be trusted ...
>

Possible; I agree the current terminology is poor. I think we might have a hangup on "Trusted" and I do agree with the concerns raised around that. "Installable Web Applications" may be sufficient.

>>
>> === Installed applications with OS-level API access ===
>
> Why don't we call them 'Trusted Core Applications'?

That seems closer to the mark.

>> Description: Some apps are integral components of the device UI, and need
>> direct access to highly sensitive APIs. These apps are approved by a
>> trusted 3rd party (i.e. carrier or manufacturer) app store for implicit
>> access to dangerous APIs.
>
> Or they could be pre-installed on the device by the Carrier / Manufacturer
> ...
>
>>
>> Use cases: User might want to swap out their default phone dialer or SMS
>> client for a different one. Some APIs may be too difficult to secure so
>> such apps may only be granted privileges after the app store has obtained
>> certain assurances from the developer.
>
> And probably after the carrier manufacturer has verified them
>
>>
>> Technical characteristics: Largely the same as the previous "Installed
>> applications with WebAPI access" category, except for the extra trust
>> granted to it by the store.
>
> Or by the carrier / manufacturer
>

I agree with your 3 points above.

>
>> Security & Privacy Characteristics: Implicit access to dangerous APIs
>> means the risk to the user or carrier should this type of app be
>> compromised is very high. For example, this type of app can dial a phone
>> number directly without any user involvement or knowledge.
>>
>> Scope: Security permissions are granted to code enumerated in the
>> manifest.
>>
>
> What do you mean by 'Code Enumerated in the Manifest'?

Unless this has changed recently, I believe we are using appcache for installable apps.
Appcache requires a manifest that contains an explicit list of assets to assure they can be cached locally and that the app will work offline and be performant when network connectivity is poor / inconsistent.

http://www.whatwg.org/specs/web-apps/current-work/multipage/offline.html

Lucas.