B2G apps will, by some mechanism, acquire permissions, e.g. to read contact lists. IMO, it should be possible for a user to deny an app permissions on a fine-grained basis - either at install time or by revoking permissions later.

Trouble is, app authors will write their apps to assume that the permissions they asked for are valid. They will almost certainly forget to check error codes or have sensible fallback behaviour. So what do we do if an app calls an API which it doesn't have permission for?

Why not define in the spec an "empty response" for each call? So if an app called contacts.getAll(), it would return an empty list even if the user had plenty of contacts. If it called phone.getPhoneNumber(), it would return +00 000000000. A "get location" call would return the South Pole. And so on.

A well-written app which checked whether it had permissions before making the call would never see these responses. But a badly-written app would not fail with an exception, but keep running.

(This thought was prompted by the fact that my tv24.co.uk Android app now wants to "read phone state and identity". I don't want it to do that, but I do want the update otherwise. But on Android, revoking individual permissions is not officially supported, although apparently you can try it on CyanogenMod.)

Gerv
_______________________________________________
dev-webapps mailing list
https://lists.mozilla.org/listinfo/dev-webapps
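A sketch of the "empty response" idea from the message above, added here as an example; it is not part of the original post and is not B2G code. The permission names, the location.get call, the EMPTY table and the guard() wrapper are assumptions; only contacts.getAll(), phone.getPhoneNumber(), and the three empty values come from the message.

```javascript
// Added illustration; permission names, the EMPTY table layout and guard() are hypothetical.
// Spec-style table: each gated call names its permission and its "empty response".
const EMPTY = {
  "contacts.getAll":      { perm: "contacts",    empty: () => [] },
  "phone.getPhoneNumber": { perm: "phone-state", empty: () => "+00 000000000" },
  "location.get":         { perm: "geolocation", empty: () => ({ latitude: -90, longitude: 0 }) },
};

// Wrap one API namespace for one app. `granted` is a live Set, so a later
// revocation by the user takes effect on the next call.
function guard(ns, impl, granted, audit) {
  return new Proxy(impl, {
    get(target, name) {
      if (name === "hasPermission") return (perm) => granted.has(perm);
      if (typeof target[name] !== "function") return target[name];
      const rule = EMPTY[`${ns}.${String(name)}`];
      return (...args) => {
        // Fail closed: a call with no entry in the table is never passed through.
        if (!rule) throw new Error(`${ns}.${String(name)}: no permission rule defined`);
        if (granted.has(rule.perm)) return target[name](...args);
        audit.push({ call: `${ns}.${String(name)}`, perm: rule.perm }); // for the user's review, not the app
        return rule.empty(); // fresh value per call, so apps cannot mutate shared state
      };
    },
  });
}

// Constructed sample data standing in for the real device back ends.
const device = {
  contacts: { getAll: () => ["Alice", "Bob"], exportAll: () => "vcf-data" },
  phone:    { getPhoneNumber: () => "+44 7700 900123" },
  location: { get: () => ({ latitude: 51.5, longitude: -0.12 }) },
};

function demo() {
  const granted = new Set(["contacts", "geolocation"]);
  const audit = [];
  const contacts = guard("contacts", device.contacts, granted, audit);
  const phone = guard("phone", device.phone, granted, audit);
  const location = guard("location", device.location, granted, audit);
  const before = contacts.getAll().length;  // permission held: real data
  granted.delete("contacts");               // user revokes after install
  const after = contacts.getAll();          // now the empty response
  let failedClosed = false;
  try { contacts.exportAll(); } catch (e) { failedClosed = true; }
  return { before, after, number: phone.getPhoneNumber(), pos: location.get(),
           canRead: contacts.hasPermission("contacts"), failedClosed, audit };
}
```

The audit list is the one thing the message does not mention: it gives the user or platform a record of which denied calls an app keeps making, without telling the app anything.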
