On Wed, Apr 8, 2015 at 12:11 AM, Paul Theriault <[email protected]> wrote:
>
> 2. Vulnerabilities in apps affect ALL users of FxOS
> The combination of no-installation and deep-linking into apps has a
> multiplicative effect for risk for our users. Currently if an attacker finds
> a security bug in an application on marketplace, that bug only affects the
> users that have chosen to install it. Without installation, this bug affects
> ALL FxOS devices.
>
> This is the one that scares me the most TBH. Especially when you couple it
> with remembered permissions.

We can certainly make it impossible to remember permissions to signed APIs unless the user has "bookmarked to homescreen" the signed content.

/ Jonas
