ubuntu-phone team mailing list archive

[Stefano Verzegnassi <stefano92.100@xxxxxxxxx>]

2015-10-02 19:16 GMT+02:00 Roman Shchekin <mrqtros@xxxxxxxxx>:

> Qt contacts is limited? Why?
>

Suppose that there's a malicious app in the store that allows you to
download music from the web.
As far as I understand, this app could be able to secretely read all the
email addresses of your contacts and send them on the net for spamming.

In this regards, I'd like to see some kind of "smart" click-review tool
when an application is uploaded into the store.
I mean, instead of having a set of "reserved" or "common" AppArmor
policies, each policy has a weighted score.
The click-review tool should check for a combination of these policies, in
order to define more precisely how much dangerous an app could be.

For example, an app that has "networking" and "content_exchange" policies
could be potentially more dangerous than an app that has just a "read_path"
permission (which currently is not allowed) for "/proc/meminfo" (e.g. a
task manager).
Apps that have read-only access to user's Pictures folder, but has no
access to the net (e.g. a third-party image viewer or an image editor),
could be somehow considered safe instead.

I may have written dumb things, but I'd like to hear if there's any plan
for having some less restricted policies in Ubuntu (Touch) and/or some
whitelisted paths under certain conditions.