I'm not opposed to a trusted UI approach, but I don't think it is possible to provide adequate functionality using a "take picture" button. The preview point is spot on. Think about the camera apps people use - preview is a universal feature among them.

One solution might be to bundle the preview option into the take picture UI - what happens now? That's basically reducing the typical access confirmation modal with a button that does the same thing, but doesn't have an option to "always allow".

As an example of another (existing) camera permissions flow, look at Flash. They pop a settings dialog that can't be modified by the application, and the user has an option to persist the granted access. Taking that one step further, on Apple laptops there is a *hardware* indicator for camera access. That is something users trust.

Also notice that there really aren't any popular systems that are designed to be secure from the ground up. Users want an experience that works and uses their device to its full potential *first*, and worry about security after that need has been met. For examples of this, look to Android's SD security or iOS's lazy address book access control (or any iOS API access for that matter). When security comes at the price of usefulness, you might want to think about how much security will matter if users return their devices in favor of a phone that has expected features like a camera viewfinder.

I don't mean to specifically knock your point, however. If there were a way to use a trusted UI approach while still allowing for the features developers need now (and to a reasonable degree in the future), then surely that's the ideal path. I just have yet to see a workable concept.

At the very least, the typical permissions-based approach gives the users who genuinely care about their security rather convenient tools to manage it. Reading comments on the Android market does seem to confirm that this group of users actively polices their apps to ensure they aren't being duped.

- Jason

Jason Miller
519.872.0797 // developIT <http://developit.ca/> // Jason Miller Design <http://jasonmillerdesign.com/>
*Developer of amoebaOS <https://amoebaos.com/>, Shutterborg <http://shutterb.org/> & more*
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
