On 08/13/2012 07:11 AM, Lucas Adamski wrote: > == Notes == > Should sensitive system activities be somehow sandboxed away from "regular" > web activities? Is it dangerous for any app to register as a handler for > potentially sensitive operations (SMS, etc) even though it doesn't confer any > additional privilege. Should any app be able to initiate any activity?
What we said during the security review discussion is that we should always show an activity picking UI unless the only handler is a certified app or a default handler has been explicitly chosen. That way, we will not have to restrict some activities from some apps. -- Mounir _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
