Hi @torgo, we have heard a lot of concerns about security and spoofing and have been discussing implementing a way to toggle between a normal standalone titlebar and the window controls overlay. When an app is installed that supports window controls overlay, by default it opens in standalone mode. Then from a button in the titlebar, the user can choose to toggle into this unsafe state. We are still discussing how best to notify the user of exactly what area can be trusted (e.g. highlighting bounds of UA-controlled region when toggling between modes).
Would this help to resolve the privacy issues? If so, I can update the explainer to include this mitigation. Also, we have a doc with other mitigation options if this approach is still insufficient: https://docs.google.com/document/d/1l7z7Y88lhL9r_0y5S-pcYGaFJqUkaPKSDcgRRTIyj6c/edit?usp=sharing
--
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/481#issuecomment-696898484