I think the web browser is different from the file browser. If you hand your phone to a stranger, unlocked, with the intention that they can use the phone to dial someone or view the wikipedia entry for a topic under debate or check the weather or whatever, you'd really like it to be difficult for the person to make your life miserable. Dangerous operations should require re-prompting with pin or password.
The file browser would allow someone to add .ssh/authorized_keys or other similar tricks. The web-browser is, as far as I know, a mostly- read interface that would have great deal of difficulty modifying content. Granted that there may be plaintext data on the phone that a user wouldn't want a stranger to have easy read access to, but that data should probably be stored encrypted anyway. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to webbrowser-app in Ubuntu. https://bugs.launchpad.net/bugs/1393515 Title: browser allows browsing the phone filesystem Status in webbrowser-app package in Ubuntu: Confirmed Status in webbrowser-app package in Ubuntu RTM: Confirmed Bug description: Using a URL like: file:/// gets you to the root of the phone filesystem ... i assume this is not actually desired since we even block the filemanager app to go higher up then $HOME without requiring a password. The webbrowser-app should either: * behave like the file-manager (see bug #1347010 for details) * file:/// should be disabled altogether on the phone * webbrowser-app should run confined which would force the use of content-hub by limiting file:/// access to those paths allowed by policy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/webbrowser-app/+bug/1393515/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp