Looks like a good start, especially

> 3) Your proposal means all privileges are granted up front at app
> install: Nope, we should not confuse authentication with
> authorization. For authenticated apps the initial trust decision just
> grants the app the right to request those sensitive privileges. They
> could still be opt-in, opt-out or any combination thereof. This is TBD.

If the devs can find the time, a short list of requested permissions and a more fine-grained advanced menu would be good. The hardest part being making sure they are difficult to generically bypass, as Google have found out.

Also, an app dev being able to mark some of the requested permissions as essential, perhaps with an optional comment to flag up for an "are you sure" in the advanced menu without actually forcing that permission, would be good, even if devs often just request all permissions to save themselves time?

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
