On May 29, 2012, at 7:45 AM, Mounir Lamouri wrote:
> On 05/23/2012 06:46 PM, Lucas Adamski wrote:
>> Yes, the rationale is only provided for trusted apps. It probably shouldn't
>> be included for untrusted.
>
> A big issue with the Android security model is that you have no idea why
> an application is asking for a specific permission so you don't know if
> this is for good or bad reasons. Sure, a 'reason' field might not be
> true if the app is untrusted but I would prefer that to nothing.
>
> This said, presentation here is the biggest issue. However, the market
> place could show the reasons with a big disclaimer, for example.

The reason we display the "intended usage" with trusted apps is that it has been reviewed and approved by an app store (and the developer is at least somewhat authenticated), so that UI can be considered reasonably authoritative. For an untrusted app that space could easily be used by a bad guy to trick the user into allowing access, and the user would not understand the different levels of trustworthiness. Disclaimers don't work here (insufficient real estate, and if it's really untrustworthy then we shouldn't show it).

Lucas.

_______________________________________________
dev-webapps mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-webapps
