On 5/24/2012 11:57 AM, Jim Straus wrote:
Hello -
People can certainly created rogue UAs that can bypass much more than
"installs_allowed_from". But I don't think manufacturers are likely to do this
as they know it would seriously impact the ecosystem of stores/developers/devices as it
would be a disincentive for developers to develop for the platform. Device manufacturers
can make it difficult for folks to install rogue UAs by requiring signed code before
installing/running new UAs (as some Android devices do). This isn't to say it
can't/won't happen. B2G is effectively a rogue UA on Android, but I don't think it is
likely to be done as part of an manufacturer distribution.
As mentioned previously, if an author wants, they can allow for distribution from any
place using the "*". but it is ultimately up to the app developer to make that
choice.
-Jim Straus
While installs_allowed_from may be necessary for paid apps (in order to
keep people from being tricked into paying for something which they then
can't receive), it is overall a necessary evil, and if we could
distinguish in some other way between paid and nonpaid apps, we (the
Mozilla UAs) *shouldn't* honor it for nonpaid apps. In general, we
should be giving the most control to the user, not to the developer.
--BDS
_______________________________________________
dev-webapps mailing list
dev-webapps@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-webapps
