On May 23, 2012, at 18:12, Sid Stamm <[email protected]> wrote:
> On 5/22/12 10:39 PM, Paul Theriault wrote:
>> Sid,
>>
>> Afaik, the current thinking in B2G is for apps to request
>> permissions by specifying a list of desired permissions in the manifest.
>> There has been talk of a "reason" field, which would accompany each
>> permission for basically the purposes you describe.
>
> This is great. We need to emphasize that "Reason" should be used to
> explain what the app will do with data obtained from the API. A
> "Reason" that doesn't fit this use is, for example, "we need camera to
> capture video". An appropriate usage intention for a "mirror" app would
> be "we need camera, we will do live stream editing and not store video."
>
> The difference is subtle, but important.

Yup, that is the purpose of the "rationale" field, but defining how exactly that should be used in the spec is tricky. That's probably the biggest holdup to adding it to the manifest spec.

>> I think this could be a useful feature for app reviewers (be it
>> marketplace staff, community members, or just security/privacy minded
>> users). We would need to implement it in such a way that it could not be
>> used as a social engineering mechanism though. For example, if we just
>> presented a dialog with the permission and reason together, the app
>> could seek to confuse the user. For example, your stashy camera app
>> might try to trick the user into giving access to the address book by
>> prompting something like "Permission: Addressbook, Reason: Allow your
>> camera to take photos." We need to make sure the permission being
>> granted is clear.
>
> Yeah, this would be bad. One option (off the top of my head) might be
> to avoid displaying reasons for apps whose manifests haven't been vetted
> by app store reviewers -- but they would still be in the manifest for
> inspection by advanced users.

Yes, the rationale is only provided for trusted apps. It probably shouldn't be included for untrusted.
>> But I do see the value per your points below, so I think we should have
>> a manifest format that supports this, and then figure out where and how
>> this information is presented. And also what to do when this information
>> isn't available.
>
> I think we should require app manifests to have this in order to be
> granted permissions.

It's required for trusted apps.

> The problem I see is in localizing these strings. Admittedly, I haven't
> followed this discussion as much as I should have. Is there a strategy
> for providing localized "reason" strings to present users?

Good question, ouch. I'd imagine we have a localization problem with manifests in general.

Lucas.

> -Sid
> _______________________________________________
> dev-webapps mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-webapps
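Added example, not code from the thread or from B2G: one way the "rationale" field, the trusted-app gating and the locale fallback discussed above could fit together. The manifest layout (a permissions map with per-locale rationale strings), the sample app and the function names are assumptions for illustration.

```javascript
// Constructed sample manifest; the shape (permissions map with per-locale "rationale")
// is an assumption for illustration, not the B2G manifest spec.
const SAMPLE_MANIFEST = {
  name: "Mirror",
  permissions: {
    camera: {
      rationale: {
        "en-US": "We do live stream editing and do not store video.",
        "de": "Wir bearbeiten den Livestream und speichern kein Video.",
      },
    },
    // Rationale text that talks about a different capability than the permission it
    // accompanies: exactly the confusion the thread worries about.
    contacts: { rationale: { "en-US": "Allow your camera to take photos." } },
    geolocation: {}, // no rationale at all
  },
};

// Pick the rationale for the user's locale, falling back to a default locale.
function localizedRationale(entry, locale, fallback = "en-US") {
  const table = (entry && entry.rationale) || {};
  return table[locale] || table[fallback] || null;
}

// Review-time check: a trusted (vetted) app must carry a rationale for every permission.
// Returns the list of permissions that fail the check.
function missingRationales(manifest, fallback = "en-US") {
  return Object.keys(manifest.permissions).filter(
    (p) => localizedRationale(manifest.permissions[p], fallback, fallback) === null,
  );
}

// Prompt-time rendering: the permission name is always the first line, and the app's own
// text is shown only for a trusted app, so an unvetted manifest cannot dress up a request.
function buildPrompt(manifest, permission, { trusted, locale = "en-US" }) {
  const rationale = trusted
    ? localizedRationale(manifest.permissions[permission], locale)
    : null;
  const lines = [`${manifest.name} requests permission: ${permission}`];
  if (rationale) lines.push(`App-provided rationale: ${rationale}`);
  return { permission, rationale, text: lines.join("\n") };
}
```

The review-time check is what a marketplace reviewer would run before marking the app trusted; the prompt builder is what the device would call when the permission is actually requested.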
