>The countdown annoyance could also be mitigated by adding an "always allow" >option to the user countdown indicator or recording notification UI. That >way a user can grant her favorite alternative Camera application persisted >access to immediate stream access. Those two concepts combined solve the >issues I identified earlier. > >The delay could actually be combined with a dialog as well - perhaps >something like the typical "allow camera access?" dialog, but with a timer >that defaults to the "yes, this time" option after a few seconds. The more >opportunities the user has to permanently grant or deny camera access, the >better the user experience becomes for apps the user actually intends to >use - remember, ideally these security additions should impact the >malicious apps more than apps that have a genuine need for camera access.
Enabling the camera off a timer seems very, very iffy to me. There are all sorts of ways that could go wrong and possible ways a malicious app might find to hide the countdown or distract you from it - even as simple as forcing an unusually long GC/CC, since we have a problem even blinking cursors during GC/CC. (This is just an example; my point was timers open all sorts of avenues of attack.) And it has the same issue with requester fatigue - the user gets inured to "just click ok" anytime they see it; they stop reading to see *which* app actually requested it, and with a timeout they have little time to read it, or to consider, or to see if they should trust (check online resources about "is this app trustworthy?"), etc. -- Randell Jesup, Mozilla Corp remove ".news" for personal email _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
