I would also not undercount the significance of simply forcing the developer to go "on the record" with their intent.
IANAL, but it seems to me that a statement of intent from the developer provides a way for users (and markets) to hold the developer to their claims. If a developer is later found to have misrepresented its intentions, there could be repercussions - reputation-based, financial, or legal, depending on the terms of use. -m On May 29, 2012, at 8:54 AM, Jim Straus wrote: > A store may not do as much of an audit for an untrusted app but it could at > least look at the "reason" fields and make sure they're at least reasonable. > There is nothing preventing an app from abusing a permission, but the > permissions that are available to untrusted apps are reasonably benign (which > is why they are granted to untrusted apps). Even untrusted apps don't have > to automatically be accepted to a store if the store finds the reason (or > other things) not reasonable. > -Jim Straus > > On May 29, 2012, at 10:45 AM, Mounir Lamouri wrote: > >> On 05/23/2012 06:46 PM, Lucas Adamski wrote: >>> Yes, the rationale is only provided for trusted apps. It probably >>> shouldn't be included for untrusted. >> >> A big issue with the Android security model is that you have no idea why >> an application is asking for a specific permission so you don't know if >> this is for good or bad reasons. Sure, a 'reason' field might not be >> true if the app is untrusted but I would prefer that than nothing. >> >> This said, presentation here is the biggest issue. However, the market >> place could show the reasons with a big disclaimer, for example. >> >> -- >> Mounir >> _______________________________________________ >> dev-webapps mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-webapps > > _______________________________________________ > dev-webapps mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-webapps _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
