On 04/16/2012 10:22 AM, Jim Straus wrote:
> How about un-install an app, update an app (assuming that the app has a cached component and we can distinguish when cached components change, and also that we desire that the user can control when an app is updated)? I also think that the risks for some of the APIs vary. For example, getSelf() doesn't seem like a risk. Un-install an app seems much higher (if an app can un-install others, locally stored data would be lost), and the list of installed apps has the potential for fingerprinting (though also potentially useful for an app developer cross-selling another of their apps if you don't have it already). Maybe we just group the permissions into two buckets with the low/no risk APIs always granted and the others needing permission.
uninstall() is a method of the application object itself. Since you can only get apps that you installed from (using getInstalled()) or yourself (using getSelf()), this mitigates the risks. Only apps having high privileges can use mgmt.getAll() to see cross-store installs.
Fabrice
--
Fabrice Desré
b2g Team
Mozilla Corporation