- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 01 Feb 2012 15:03:43 -0500
- To: public-webapps@w3.org
On 2/1/12 2:41 PM, Paul Libbrecht wrote: > Android goes somewhat in this direction with its app-security model... With all due respect, the app-security model on Android is a joke. Everyone just clicks through the permissions grant without even reading what's being requested, because _every_ app asks for a bunch of permission grants up front and won't run until you grant them. Any random game wants permission to do arbitrary internet access (as mentioned earlier on this thread, already a security hole if you happen to be behind a firewall when you run the game), listen to your phone conversations, read your addressbook, etc. Perhaps they do have some sort of rarely-used features that require such access, but the model forces them to ask for all the permissions immediately... and the user is trained to just accept. >>> - Access to RAM at runtime, to a limit > > I don't know how well such limits are handled by browsers, I've seen a lot of browser crashes for these reasons. Pointer? Several JS engines have heap size limits and stack size limits and will throw exceptions when either is reached. Any browser running web content in a separate process can impose global RAM limits on that process if desired (ulimit on Unix-like OSes, but Windows has similar functionality). >>> - CPU time when in background, to a limit > > Same thing, the user-warning on slow script is not that limit! Apart from timeout throttling UAs are not doing much here yet. I expect they will do more. >> There's plenty of things we can do to make the Web platform more >> compelling and a better competitor to native apps, but adding "installing" >> isn't one of them. That would in fact take one of the Web's current >> significant advantages over native apps and kill it. > > when you consider the success of app-stores, I think that I do not share this view. Indeed. -Boris
Received on Wednesday, 1 February 2012 20:04:12 UTC