- From: Paul Libbrecht <paul@hoplahup.net>
- Date: Wed, 1 Feb 2012 21:20:45 +0100
- To: Boris Zbarsky <bzbarsky@MIT.EDU>
- Cc: public-webapps@w3.org
- Message-Id: <0C4EFF67-166E-42DD-82A2-CEB9114E5D37@hoplahup.net>
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit : >> Android goes somewhat in this direction with its app-security model... > > With all due respect, the app-security model on Android is a joke. Everyone just clicks through the permissions grant without even reading what's being requested, because _every_ app asks for a bunch of permission grants up front and won't run until you grant them. Any random game wants permission to do arbitrary internet access (as mentioned earlier on this thread, already a security hole if you happen to be behind a firewall when you run the game), listen to your phone conversations, read your addressbook, etc. Perhaps they do have some sort of rarely-used features that require such access, but the model forces them to ask for all the permissions immediately... and the user is trained to just accept. No, no app has yet demanded me my addressbook access and some apps add advertisement: and hey, I do not need network. That's the general problem with demanding permissions... I agree it's in infancy. However this is for an APP download, where you expect some level of trust (basically the essence of an app store's objective?). If a random web-page starts to ask me the same, I would surely be talking differently! Tim, did you say any reasons why the current widget model that can be installed as a sort of app on mobile devices is not an approximation of your desires? paul
Received on Wednesday, 1 February 2012 20:21:18 UTC