A store may not do as much of an audit for an untrusted app but it could at least look at the "reason" fields and make sure they're at least reasonable. There is nothing preventing an app from abusing a permission, but the permissions that are available to untrusted apps are reasonably benign (which is why they are granted to untrusted apps). Even untrusted apps don't have to automatically be accepted to a store if the store finds the reason (or other things) not reasonable. -Jim Straus
On May 29, 2012, at 10:45 AM, Mounir Lamouri wrote: > On 05/23/2012 06:46 PM, Lucas Adamski wrote: >> Yes, the rationale is only provided for trusted apps. It probably shouldn't >> be included for untrusted. > > A big issue with the Android security model is that you have no idea why > an application is asking for a specific permission so you don't know if > this is for good or bad reasons. Sure, a 'reason' field might not be > true if the app is untrusted but I would prefer that than nothing. > > This said, presentation here is the biggest issue. However, the market > place could show the reasons with a big disclaimer, for example. > > -- > Mounir > _______________________________________________ > dev-webapps mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-webapps _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
