On Mon, Aug 6, 2012 at 4:17 PM, Lucas Adamski <[email protected]> wrote: > I'm not sure we have any disagreement then. Per > https://wiki.mozilla.org/WebAPI/Security/SMS showing a user > confirmation is a recommended mitigation, so *if* we could implement > something like: > explicit permission for SMS access + OS confirmation on send > - would that work?
I'm talking about more than showing a user confirmation. I'm talking about using the model of WebActivities to switch over to the SMS app and send the message there. The <a href="sms:..."> syntax is basically syntax sugar on top of such a WebActiity. So I think we should label it as "Using web activities" for anything but certified apps. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
