Confirm
717
edits
Changes
→Installed trusted application
*App store signs the app manifest which contains the list of assets and their corresponding hashes.
*At install app assets are verified & stored locally in appcache.
*Require a Content Security Policy of "script-src: 'self'; object-src: 'self'; style-src: 'self'" to mitigate content injection attacks and maintain application integrity.
*All explicit permissions are requested at runtime, and persisted by default.
*User can monitor permission state and change app permissions via consistent permission notification UI
*Privileges granted are limited to explicit list of application assets; we must enforce security boundaries between trusted code and any untrusted content that means we need to put those into a domain separate from their original originthe app may also load.
===Certified application===
