On Fri, Mar 9, 2012 at 8:16 PM, Jonas Sicking <[email protected]> wrote:
> User control:
>
> I think it's very important in all this that we put the user in
> ultimate control. I don't think we want to rely on the user to make
> security decisions for all APIs, however I think it's important that
> we enable users to do so if they so desire. And I think that users
> should be able to make security decisions in "both directions", i.e.
> both enable more access as well as less access than the above system
> provides.
>
> So during installation I think users should be able to tune down
> access on a capability-by-capability basis. I.e. the user should be
> able to say, "I want to run this SMS app, but I want to completely
> disable the ability to send SMS messages."
>
> Additionally, we should have some way for a user to install an app
> from a completely untrusted source and grant it any privilege that
> he/she wants to. This needs to be a quite complicated UI so that users
> don't do this accidentally, but I think it's important to allow so as
> not to create situations like on iOS where certain apps require users to
> hack the device to get them to install at all.
And of course in this part I forgot to mention that I think we should have a place where users can see a list of all the apps they have installed, and which privileges they are granted, and give them the ability to lower those privileges to either "prompt" or "deny" (where prompt would be with "default to not remember", since at this point I think we can assume that the user is capable of checking the box if desired).

/ Jonas

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
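The rules sketched in the message (install-time tuning of each capability downward, a deliberate override path for apps from untrusted sources, a settings page that lists installed apps and lets the user lower any privilege to "prompt" or "deny", and a prompt that is only remembered when the user ticks the box) can be written down as a small permission store. The code below is an added illustration for this thread, not code from Jonas, from the B2G/Firefox OS project or from Mozilla; the app ids, capability names, the three level names, the confirmation token and the shape of the prompt callback are all hypothetical.

```javascript
// Added illustration, not code from the thread or from Mozilla. App ids,
// capability names, level names and the prompt callback shape are hypothetical.

const LEVELS = { deny: 0, prompt: 1, allow: 2 };
const NAMES = ['deny', 'prompt', 'allow'];

// The more restrictive of two levels.
function lowest(a, b) {
  return NAMES[Math.min(LEVELS[a], LEVELS[b])];
}

class PermissionStore {
  constructor() {
    this.apps = new Map(); // appId -> { capability -> level }
  }

  get(appId) {
    const caps = this.apps.get(appId);
    if (!caps) throw new Error(`unknown app ${appId}`);
    return caps;
  }

  // Install time: each requested capability is granted up to the level the
  // install source is trusted for, and the user may tune any of them further
  // down (keep the SMS app, deny sms.send). User choices here can only lower.
  install(appId, requested, sourceLevel, userChoices = {}) {
    const caps = {};
    for (const cap of requested) {
      caps[cap] = lowest(sourceLevel, userChoices[cap] ?? 'allow');
    }
    this.apps.set(appId, caps);
  }

  // Settings page: lower an existing privilege to "prompt" or "deny".
  // This path refuses to raise anything.
  lower(appId, cap, level) {
    const caps = this.get(appId);
    if (!(cap in caps)) throw new Error(`${appId} never requested ${cap}`);
    if (LEVELS[level] > LEVELS[caps[cap]]) throw new Error('lower() cannot raise a privilege');
    caps[cap] = level;
  }

  // The deliberate override path for an app from an untrusted source. The
  // confirmation token stands in for whatever multi-step UI guards it; without
  // it the grant is refused, so nothing is raised by accident.
  grantExplicitly(appId, cap, confirmation) {
    if (confirmation !== 'USER_CONFIRMED_EXPLICIT_GRANT') {
      throw new Error('explicit grant requires user confirmation');
    }
    this.get(appId)[cap] = 'allow';
  }

  // Capabilities the app never requested are denied outright.
  effective(appId, cap) {
    return this.get(appId)[cap] ?? 'deny';
  }

  // Runtime check. "prompt" asks the user every time; the answer is stored only
  // when the user explicitly sets remember (the default is not to remember).
  check(appId, cap, prompt) {
    const level = this.effective(appId, cap);
    if (level !== 'prompt') return level === 'allow';
    const { allow, remember = false } = prompt(appId, cap);
    if (remember) this.get(appId)[cap] = allow ? 'allow' : 'deny';
    return allow;
  }

  // The overview page: every installed app with its current privileges.
  list() {
    return [...this.apps].map(([appId, caps]) => ({ appId, caps: { ...caps } }));
  }
}

// Walk through the scenarios from the message and return what was observed.
function demo() {
  const store = new PermissionStore();
  const asked = [];
  const allowOnce = (app, cap) => { asked.push(cap); return { allow: true }; };
  const allowForever = (app, cap) => { asked.push(cap); return { allow: true, remember: true }; };

  // SMS app from a trusted source; at install the user disables sending.
  store.install('sms-app', ['sms.read', 'sms.send'], 'allow', { 'sms.send': 'deny' });
  // Sideloaded app from an untrusted source: everything starts at "prompt",
  // then the user deliberately grants camera through the override path.
  store.install('sideload', ['geolocation', 'camera'], 'prompt');
  store.grantExplicitly('sideload', 'camera', 'USER_CONFIRMED_EXPLICIT_GRANT');
  // Later, from the settings page, the user lowers sms.read to "prompt".
  store.lower('sms-app', 'sms.read', 'prompt');

  const out = {};
  out.sendAllowed = store.check('sms-app', 'sms.send', allowOnce);     // false, no prompt
  out.readFirst = store.check('sms-app', 'sms.read', allowOnce);       // true, prompted
  out.readSecond = store.check('sms-app', 'sms.read', allowOnce);      // true, prompted again
  out.geoFirst = store.check('sideload', 'geolocation', allowForever); // true, remembered
  out.geoSecond = store.check('sideload', 'geolocation', allowOnce);   // true, no prompt
  out.prompts = asked.slice();            // ['sms.read', 'sms.read', 'geolocation']
  out.camera = store.effective('sideload', 'camera');                  // 'allow'
  out.contacts = store.check('sideload', 'contacts', allowOnce);       // false, never requested
  try { store.lower('sms-app', 'sms.send', 'allow'); out.raiseRefused = false; }
  catch (e) { out.raiseRefused = true; }
  try { store.grantExplicitly('sideload', 'contacts', 'yes'); out.casualGrantRefused = false; }
  catch (e) { out.casualGrantRefused = true; }
  out.overview = store.list();
  return out;
}
```

The design choice worth noting is that the ordinary user-facing paths (`install` choices and `lower`) can only move a capability toward "deny", so a compromised or sloppy settings page cannot hand out privileges; the only way up is `grantExplicitly`, which is gated separately and is where the deliberately awkward UI from the message would sit. A remembered "allow" from a prompt is the one other upward move, and it happens only because the user ticked the box.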
