WebAPI/WebActivities/LessonsLearned: Difference between revisions

Jump to navigation Jump to search

WebAPI/WebActivities/LessonsLearned (view source)

Revision as of 22:49, 16 May 2014

1 byte added ,  16 May 2014
→‎Differences between "data sources" and activities/intents
Line 173: Line 173:
We haven't figured out the security aspects of exposing write access to the "contacts" data sources, without worrying that a rouge app could simply delete or corrupt all the user's contacts. A simple yes/no security dialog doesn't feel like enough to protect the user. So for now we are sadly relying on similar mechanisms that we use to protect TCPSocket and SD-card access, i.e. signatures from a trusted party.
We haven't figured out the security aspects of exposing write access to the "contacts" data sources, without worrying that a rouge app could simply delete or corrupt all the user's contacts. A simple yes/no security dialog doesn't feel like enough to protect the user. So for now we are sadly relying on similar mechanisms that we use to protect TCPSocket and SD-card access, i.e. signatures from a trusted party.


We also haven't figured out to to ensure that an app that has write access to contacts follows whatever format a contact should have.
We also haven't figured out how to ensure that an app that has write access to contacts follows whatever format a contact should have.


So for v1 I would recommend to punt on "data sources".
So for v1 I would recommend to punt on "data sources".
Sicking
Confirmed users
716

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/977833"

Navigation menu