I don’t have any objections, but we to need to come up with sane permission mode & UX. See bug https://bugzilla.mozilla.org/show_bug.cgi?id=942641 <https://bugzilla.mozilla.org/show_bug.cgi?id=942641>
> On 20 May 2015, at 2:26 am, Christopher Lord <[email protected]> wrote: > > Hi all, > > I've recently been prototyping a new homescreen, and I wanted to make it a > privileged app if possible. As the homescreen is the primary interface to > access bookmarks since 2.1, it is basically impossible to write an adequate > homescreen unless you're a certified app. My only problem is that we have this weird mix of datastore and APIs and its currently hard to resolve a sane security UX story out of this. Some data is stored with specific APIs (deviceStorage, contacts) and others are stored in DeviceStorage. I don’t really have a preference opinion one way or the other but I want to give our users better control over their data (which in turns makes it safe for us to expose these things to developers). At the moment, its certified because the security of the system depends entirely on the behaviour of the apps using datastore. > > Long-term, we want to move away from data-stores, but I suggest that > short-term, read-only access should be allowed for privileged apps. This > would allow third party homescreens to work well (there are already > web-activities for saving/editing and removing bookmarks) and I don't think > it would encourage the use of the API (as you can't write or create your own > data-stores). > > Does anyone have any thoughts or objections on this? If we're allowing third > party homescreens, this seems like a blocker to me. > > Cheers, > > --Chris
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
