I'm not sure all Settings should be treated as either one of two levels
(accessible with no user involvement, or not accessible at all).  I think
different Settings should be handled individually.  Here are some
suggestions for a few possible Settings parameters:

-- Vibrating the phone and changing the time: Let all apps* do it, but the
default Settings app should say what app last changed this setting.

-- Changing the wallpaper or ringtone: Let all apps do it, but provide an
"undo" mechanism in Settings that changes it back to what it was prior to
that app altering it.

-- Turning the sound up or down: Let all apps do it, but have the OS throw
a short, slightly-transparent notification saying that the app is doing it
the first 5(?) times an app changes the setting.

-- Adding words to the dictionary: Only let apps do this if they are
installed as IME apps; there should only be one IME app at a time.

-- Connecting or disconnecting from Bluetooth: All apps can get a list of
nearby devices. If an app initiates pairing to a new device, show a special
runtime dialog that includes information about the target device.  Whenever
a Bluetooth connection is active, display a Bluetooth icon.

-- Connecting or disconnecting from WiFi: Apps can connect to known
networks, or disconnect from any network.  If an app is connecting to a new
network, ask the user with the standard OS prompt for connecting to new
networks.  The Settings WiFi control panel should have some small text that
says what app last disconnected you from the network if the current state
of the phone is disconnected.

-- Reading current WiFi state: Any app can do this, but the SSIDs should be
treated like geolocation.

*Whenever I say "apps" in this e-mail I mean trusted/certified apps, not
arbitrary web sites.

On Sun, Apr 15, 2012 at 11:16 PM, Lucas Adamski <ladam...@mozilla.com> wrote:

> Please reply-to dev-weba...@lists.mozilla.org
>
> Name of API: Settings API
> Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=678695
>
> Brief purpose of API: API to configure device settings
> General Use Cases: None
>
> Inherent threats:
> *Access sensitive configuration data (wifi passwords etc)
> *Change settings which might cost user money (data settings, roaming etc)
> *Safety implications (airplane mode? If you believe a plane can be brought
> down by a mobile phone...)
>
> Threat severity: High
>
> == Regular web content (unauthenticated) ==
> Use cases for unauthenticated code: None
> Authorization model for normal content: None
> Authorization model for installed content: None
> Potential mitigations: N/A
>
> == Trusted (authenticated by publisher) ==
> Use cases for authenticated code: Modify a specific setting - e.g. e-book
> app modifies brightness in response to lighting conditions
> Authorization model: Implicit
> Potential mitigations: Limit access to benign settings
>
> == Certified (vouched for by trusted 3rd party) ==
> Use cases for certified code: replacement settings manager app
> Authorization model: Implicit access to all settings
> Potential mitigations: None
>
> _______________________________________________
> dev-webapi mailing list
> dev-web...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-webapi
>
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
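
The per-setting handling suggested in the reply above (attribution of the last writer, undo, a capped number of notices, IME-only dictionary writes) can be modelled as a broker with a policy table. This is an added example, not part of the e-mail thread or of any Mozilla code. The names `POLICY`, `SettingsBroker`, the setting keys, the `trust` and `role` fields, and the default-deny rule for unlisted settings are all assumptions made for the illustration.

```javascript
// Hypothetical per-setting policy table; keys and fields are constructed for this example.
const POLICY = new Map([
  ['time',             { write: 'any' }],
  ['wallpaper',        { write: 'any', undo: true }],
  ['audio.volume',     { write: 'any', notifyFirst: 5 }],
  ['dictionary.words', { write: 'ime' }],
]);
const APP_TRUST = ['trusted', 'certified']; // "apps" excludes arbitrary web sites

class SettingsBroker {
  constructor(initial) {
    this.values = { ...initial };
    this.lastWriter = {};      // setting -> app id, for display in the Settings app
    this.previous = new Map(); // setting -> value before the last app write
    this.shown = new Map();    // "app|setting" -> notices already shown
    this.notices = [];         // stand-in for the OS notification surface
  }

  set(app, key, value) {
    if (!APP_TRUST.includes(app.trust)) return { ok: false, reason: 'untrusted' };
    const rule = POLICY.get(key);
    // Assumption: default deny, a setting with no rule is not writable by apps.
    if (!rule) return { ok: false, reason: 'no-policy' };
    if (rule.write === 'ime' && app.role !== 'ime') return { ok: false, reason: 'not-ime' };
    if (rule.undo) this.previous.set(key, this.values[key]);
    if (rule.notifyFirst) {
      const counter = `${app.id}|${key}`;
      const seen = this.shown.get(counter) || 0;
      if (seen < rule.notifyFirst) {
        this.shown.set(counter, seen + 1);
        this.notices.push(`${app.id} changed ${key}`);
      }
    }
    this.values[key] = value;
    this.lastWriter[key] = app.id; // attribution for every app-initiated change
    return { ok: true };
  }

  // User-initiated undo from Settings: restore the value from before the app's change.
  undo(key) {
    if (!this.previous.has(key)) return false;
    this.values[key] = this.previous.get(key);
    this.previous.delete(key);
    delete this.lastWriter[key];
    return true;
  }
}
```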