I think it would indeed be nice if users could inspect an addon and see what capabilities that it asks for. But I think this is something that would be relatively cryptic to most users. So I'd be fine with leaving this for a bit later.
/ Jonas On Wed, Jun 24, 2015 at 7:46 AM, Gareth Aye <[email protected]> wrote: > Is there a reason (technical or philosophical) that we haven't put any > effort into a permissions model for addons similar to what we're trying to > do for webapps on fxos? I can imagine, personally, using closed-source > addons which I am granting specific, granular capabilities, but I would be > very hesitant to use closed-source addons that could really do anything with > my phone. > > On Tue, Jun 23, 2015 at 2:38 PM, Jonas Sicking <[email protected]> wrote: >> >> On Tue, Jun 23, 2015 at 3:34 AM, Gervase Markham <[email protected]> wrote: >> > On 22/06/15 16:21, Jonas Sicking wrote: >> >> ** Phone behavior ** >> >> >> >> One of the primary pieces of functionality of a smartphone is the >> >> phone. I.e. phone calls and SMS/MMS. While these are old and boring >> >> technologies, they are still heavily used. >> >> >> >> I think it would be great to add hooks to enable addons to react to >> >> incoming and outgoing phone calls and SMS/MMS. >> >> >> >> Ideally this would not be done by having the addons modify the Gaia >> >> app frontends, but rather by having the addons hook in to the >> >> phone/SMS/MMS backends. Both because it'll be easier for addons to >> >> hook in at that level, and because we can keep backend hooks stable >> >> even when we update Gaia/FirefoxOS to users. >> > >> > Although it would be cool if the app was then notified about any changes >> > so it could update its UI. E.g. if a dial-through addon modifies my >> > dialling of an international number to first dial a local number, wait, >> > and then dial through the international number, I'd like to see what was >> > happening on the display. Otherwise, I'll dial and see e.g.: >> > >> > 001 413 243 0181 >> > >> > but hear the touchtone equivalents for: >> > >> > 020 1234 4567 <pause> 001 413 243 0181 >> > >> > I'd like to say I think this API is critically important. Being able to >> > mess with this stuff is still not very possible on other platforms, and >> > yet it's a crucial feature for putting users in control. But it's also >> > easily abusable by malware, which is another reason I think we need to >> > have UI updates for what the phone is actually doing. >> >> I agree that we should enable addons to modify outgoing phone numbers >> in such a way that the user sees the modified phone number. >> >> However given that addons will be able to modify the dailer UI, there >> is no way we can ensure that the user sees what number is called. And >> I think that's good since I want to enable addons that modify the user >> experience. >> >> Addons are scary, they can and will do things that are unsafe. We need >> to be fine with that. That's why we are separating addons from web >> content. >> >> / Jonas >> _______________________________________________ >> dev-b2g mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-b2g > > _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
