On 4/18/2012 11:18 AM, Fabrice Desré wrote:
> On 04/16/2012 10:22 AM, Jim Straus wrote:
>> How about un-install an app, update an app (assuming that the app has a
>> cached component and we can distinguish when cached components change,
>> and also that we desire that the user can control when an app is updated).
>> I also think that the risks for some of the APIs vary. For example,
>> getSelf() doesn't seem like a risk. un-install an app seems much higher
>> (if an app can un-install others locally stored data would be lost), and
>> the list of installed apps has the potential for fingerprinting (though
>> also potentially useful for an app developer cross-selling another of
>> their apps if you don't have it already). Maybe we just group the
>> permissions into two buckets with the low/no risk APIs always granted
>> and the others needing permission.
>
> uninstall() is a method of the application object itself. Since you can
> only get apps that you installed from (using getInstalled()) or yourself
> (using getSelf()) this mitigates the risks. Only apps having high
> privileges can use mgmt.getAll() to see cross-stores installs.
>
> Fabrice

I was just scrubbing the web API security discussions, and this thread jumped out at me. After discussing with Jonas I'm still concerned that we need to have a consistent experience where installing and uninstalling apps is concerned.

If a user happens to discover app B through a random website (or app) A, then they won't expect that website A now has the ability to uninstall that app without user consent. The typical pattern there is site A would send the user to an established app store which the user would then visit to manage their apps. If random site A now has the ability to uninstall it, they could delete app B when/if the user randomly ends up on site A again (even if for a technically valid reason, like a malicious app), without the user ever being aware of when/how/why it disappeared. This seems like a crappy experience all around.

So I think we always need UI for app installation and uninstallation to maintain user sovereignty over their device.

Lucas.
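
The rules discussed in this thread, as an added JavaScript model that is not Mozilla's implementation and not part of either message: origin scoping of getInstalled(), getSelf() and mgmt.getAll() as Fabrice describes it, with an optional consent prompt on uninstall as Lucas proposes. The `AppRegistry` class, the `promptUser` hook, the result strings and the `.example` origins are assumptions made for illustration.

```javascript
// Constructed model of the rules discussed in the thread; all names are hypothetical.
class AppRegistry {
  // promptUser(action, manifestURL, callerOrigin) -> boolean; null models "no UI".
  constructor(promptUser = null) {
    this.apps = new Map(); // manifestURL -> { manifestURL, origin, installOrigin }
    this.promptUser = promptUser;
  }
  install(caller, manifestURL) {
    const origin = new URL(manifestURL).origin;
    this.apps.set(manifestURL, { manifestURL, origin, installOrigin: caller.origin });
  }
  // getInstalled(): only apps the caller itself installed.
  getInstalled(caller) {
    return [...this.apps.values()].filter(a => a.installOrigin === caller.origin);
  }
  // getSelf(): the app served from the caller's own origin, if any.
  getSelf(caller) {
    return [...this.apps.values()].find(a => a.origin === caller.origin) || null;
  }
  // mgmt.getAll(): cross-store view, high-privilege callers only.
  getAll(caller) {
    if (!caller.privileged) throw new Error('getAll requires high privileges');
    return [...this.apps.values()];
  }
  // uninstall(): the caller must be able to reach the app object; if a prompt
  // hook is set, the user must approve as well.
  uninstall(caller, manifestURL) {
    const app = this.apps.get(manifestURL);
    if (!app) return 'not-installed';
    const reachable = caller.privileged ||
      app.installOrigin === caller.origin || app.origin === caller.origin;
    if (!reachable) return 'denied-origin';
    if (this.promptUser && !this.promptUser('uninstall', manifestURL, caller.origin)) {
      return 'denied-by-user';
    }
    this.apps.delete(manifestURL);
    return 'removed';
  }
}

// Site A installs app B; site C and then site A each try to remove it.
function scenario(promptUser) {
  const siteA = { origin: 'https://site-a.example' };
  const siteC = { origin: 'https://site-c.example' };
  const appB = 'https://app-b.example/manifest.webapp';
  const reg = new AppRegistry(promptUser);
  reg.install(siteA, appB);
  return { seenByC: reg.getInstalled(siteC).length,
           byC: reg.uninstall(siteC, appB), byA: reg.uninstall(siteA, appB) };
}
```

Calling `scenario(null)` models origin scoping alone, and `scenario(() => false)` models a user declining the prompt.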
