On the other hand, so long as we fail hard in the case of invalid SSL (and implement verification correctly!), because this is a specialized app that uses a hardcoded URL, one could argue there is no need to show anything extra. If a lock would provide more user assurance, then perhaps make it a green lock. As such, feel free to take comment #3 under advisement if implementing this, but I'll soften my stance and say it is not a requirement.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to unity-scope-click in Ubuntu. https://bugs.launchpad.net/bugs/1489643 Title: Paypal login cannot be assured to be from paypal Status in Ubuntu UX: New Status in unity-scope-click package in Ubuntu: Triaged Bug description: When paying for an app with Paypal, the Paypal login screen is presented in an Ubuntu wrapper. There is no indication on this page that I'm actually looking at paypal.com rather than being phished or that some bad DNS has pointed me to a wrong site. The padlock in the top corner doesn't indicate anything I'm inclined to believe -- is it showing that the connection is https? Has it verified that I'm really talking to Paypal? How can I know that? This is encouraging people to type their Paypal password into phishing sites. The previous step in the purchase process, where I'm choosing which payment system to use, also displays a padlock, and that hasn't connected to any payment site at all. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-ux/+bug/1489643/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp