That is one area where one could trust the app - the only way for it to gain access to the camera would be to insert the button's DOM node facade (this is a secure mechanism, because the DOM node is not the button itself, it is only a placement indicator). The OS then observes the positioning, determines if the app is trying to obscure the button, and creates the real UI element.
That being said, is there still a need for the buttons? I thought the general consensus was that the delay+indicator+permissions was the way to go? _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
