ubuntu-phone team mailing list archive

[Roman Shchekin <mrqtros@xxxxxxxxx>]

>
> For some people contacts is a a very personal/private data., and they
> do not want applications reading, sharing, downloading, uploading it.


It is not about security - it is about pain for developers. Malefactor will
anyway find the way to stole contacts and etc. once you installed his app.
So I think that Ubuntu Phone should stop trying to limit all of developer
features. Just remeber old N9 - all was fine without special policies.

2015-10-02 21:31 GMT+03:00 Stefano Verzegnassi <stefano92.100@xxxxxxxxx>:

>
> 2015-10-02 19:16 GMT+02:00 Roman Shchekin <mrqtros@xxxxxxxxx>:
>
>> Qt contacts is limited? Why?
>>
>
> Suppose that there's a malicious app in the store that allows you to
> download music from the web.
> As far as I understand, this app could be able to secretely read all the
> email addresses of your contacts and send them on the net for spamming.
>
> In this regards, I'd like to see some kind of "smart" click-review tool
> when an application is uploaded into the store.
> I mean, instead of having a set of "reserved" or "common" AppArmor
> policies, each policy has a weighted score.
> The click-review tool should check for a combination of these policies, in
> order to define more precisely how much dangerous an app could be.
>
> For example, an app that has "networking" and "content_exchange" policies
> could be potentially more dangerous than an app that has just a "read_path"
> permission (which currently is not allowed) for "/proc/meminfo" (e.g. a
> task manager).
> Apps that have read-only access to user's Pictures folder, but has no
> access to the net (e.g. a third-party image viewer or an image editor),
> could be somehow considered safe instead.
>
> I may have written dumb things, but I'd like to hear if there's any plan
> for having some less restricted policies in Ubuntu (Touch) and/or some
> whitelisted paths under certain conditions.
>