On 5/22/12 10:39 PM, Paul Theriault wrote: > Sid, > > Afaik, the current thinking in B2G (afaik) is to for apps to request > permissions by specifying a list of desired permissions in the manifest. > There has been talk of a "reason" field, which would accompany each > permission for basically the purposes you describe.
This is great. We need to emphasize that "Reason" should be used to explain what the app will do with data obtained from the API. A "Reason" that doesn't fit this use is, for example, "we need camera to capture video". An appropriate usage intention for a "mirror" app would be "we need camera, we will do live stream editing and not store video." The difference is subtle, but important. > I think this could be a useful feature for app reviewers (be it > marketplace staff, community members, or just security/privacy minded > users). We would need to implement it in such a way that it could not be > used as a social engineering mechanism though. For example, if we just > presented a dialog with the permission and reason together, the app > could seek to confuse the user. For example, your stashy camera app > might try to trick the user into giving access to the address book by > prompting something like "Permission: Addressbook, Reason: Allow your > camera to take photos. We need to make sure the permission being > granted is clear. Yeah, this would be bad. One option (off the top of my head) might be to avoid displaying reasons for apps whose manifests haven't been vetted by app store reviewers -- but they would still be in the manifest for inspection by advanced users. > But I do see the value per your points below, so i think we should have > a manifest format that supports this, and then figure out where and how > this information is presented. And also what to do when this information > isn't available. I think we should require app manifests to have this in order to be granted permissions. The problem I see is in localizing these strings. Admittedly, I haven't followed this discussion as much as I should have. Is there a strategy for providing localized "reason" strings to present users? -Sid _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
