On 07/03/2012 08:07 PM, Jonas Sicking wrote: >>> 1. For untrusted apps, should we show data usage intentions (rationale) >>> as permissions are requested? These strings are not reviewed by an app >>> store, but as Adrienne pointed out, the value may outweigh the risk of >>> deception. >> >> I think our permission UI should be trustworthy, which means the >> user should be able to rely upon the information it presents. This >> falls far short of that. > > I am also not a fan of this proposal. > > One option might be to put a link there that says something like "The > developer of the application has provided a description of why they > want this permission. Click here to see that description". > > When clicked we would replace the whole UI with something that shows > the description as well as a 'back' button. > > That way the displayed UI is can be trusted, but if the user takes an > explicit, and fairly clear, action, they can see the description.
Sounds like we need to treat trusted apps and untrusted apps differently regarding the usage intentions. I still think we should require (in the manifest) that the app developer put something as the usage intention, but we don't have to display it to users all the time, perhaps doing something like what you suggest here, Jonas. Adrienne -- what do you think of this idea? -Sid _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
