| Thread Previous • Date Previous • Date Next • Thread Next |
On 04/06/15 22:07, Krzysztof Tataradziński wrote:
Hello, I don't have to much knowledge about programming, so here's my question: how can we know that unofficial bank webapp don't send our login and password somewhere else also (i. e. to creator of that webapp)?
Hi, we have discussed this before: https://lists.launchpad.net/ubuntu-phone/msg12020.htmlthere is quite a lot that a webapp can do to be evil, and pretty much nothing stopping it. I really do think that third party webapps should not be allowed without manual review (maybe chargeable). If you want to submit a webapp to the store then the store should generate a random uuid for you, like 87c396ea-0b64-11e5-ae6a-5254008895fb. You then place this at http://yourwebsite.com/ubuntustorecode, the store checks it is there and matches and then publishes your app. This way there is no barrier to publishing webapps for websites that are yours. If you can't do that (i.e. it isn't your website you are wrapping in extra local functionality) then you need a manual review. I don't think banking webapps should be allowed at all unless published by the bank.
Alan.
| Thread Previous • Date Previous • Date Next • Thread Next |
