Re: Installing web apps

From: Robin Berjon <robin@berjon.com>
Date: Wed, 8 Feb 2012 22:47:00 +0100
Cc: Boris Zbarsky <bzbarsky@MIT.EDU>, public-webapps@w3.org
Message-Id: <BEE6C534-BD46-4443-965F-1C379EDBB64A@berjon.com>
To: Paul Libbrecht <paul@hoplahup.net>

On Feb 1, 2012, at 21:20, Paul Libbrecht wrote:
> On 1 Feb 2012, at 21:03, Boris Zbarsky wrote:
>>> Android goes somewhat in this direction with its app-security model...
>> 
>> With all due respect, the app-security model on Android is a joke. Everyone just clicks through the permissions grant without even reading what's being requested, because _every_ app asks for a bunch of permission grants up front and won't run until you grant them. Any random game wants permission to do arbitrary internet access (as mentioned earlier on this thread, already a security hole if you happen to be behind a firewall when you run the game), listen to your phone conversations, read your address book, etc. Perhaps they do have some sort of rarely-used features that require such access, but the model forces them to ask for all the permissions immediately... and the user is trained to just accept.
> 
> No, no app has yet demanded access to my address book, and some apps add advertisement: and hey, I do not need network.
> That's the general problem with demanding permissions... I agree it's in infancy.

Apps on Android are unlikely to request access to your address book because the Android Intents model makes it so that unless you're installing a contacts manager app, there probably is no reason why any app would have access to that. That said, if it did require access, the odds that a user would notice are close to nil.

> However this is for an APP download, where you expect some level of trust (basically the essence of an app store's objective?).

I would hesitate to be all too trustworthy. There are plenty of examples of bad stuff getting past the gates. I think we're much better off with a security model that doesn't require you to trust a third party because it's an obvious point of failure.

-- 
Robin Berjon - http://berjon.com/ - @robinberjon
Received on Wednesday, 8 February 2012 21:47:28 GMT