
ubuntu-phone team mailing list archive

Re: Privacy Enforcement? (was Re: Telegram

 

On 11/30/2015 03:24 PM, Randall Ross wrote:
> 
> 
> On 11/30/2015 01:32 PM, sturmflut wrote:
>> Good evening dear list,
>>
>> I don't consider this discussion on-topic. Canonical "just" ports and
>> ships an open-source Telegram client for Ubuntu and has no influence on
>> any design decisions the Telegram team made. Read notifications are such
>> a design decision, the "last seen" status can be hidden and adding a
>> switch for it should be a topic for a bug report.
> Good idea Simon. I have opened that bug.
> https://bugs.launchpad.net/telegram-app/+bug/1521391
> 
> Features should indeed be discussed upstream with the team involved.
> However, there might be a more fundamental platform "issue" forming
> here. Not sure, and I'm just tabling this for discussion so please don't
> read too deeply into it:
> 
> What role should a platform have in supporting (or not) the features
> that are upstream?
> 
> Today it might be Telegram, and tomorrow something else that kicks off a
> privacy discussion. At run-time, should the platform enforce some
> pre-determined level of privacy or should the platform be a perfect
> conduit for the features (or in the worst case anti-features) of any
> given application?  I'm assuming there is a set of apps that would pass
> required tests to get into the store, but then do (or share) things that
> some people might not like later. (Maybe that's impossible, but I'd like
> to at least explore the idea.) And, is AppArmor the answer or would
> enforcement need to be in some other system?
> 

This is out of scope for the security system/AppArmor.

The security system keeps apps from stealing other application or system
data; it cannot know or understand what an app is doing with its own
data or communications.

i.e. we can block the app from communicating, but that would make Telegram
useless. Once Telegram has a communication channel it is free to communicate
how it sees fit with the data it has access to.

The only real solution for something like Telegram is a code audit. At
which point you could either re-audit the code on every update of the
app or make the trusted code a backend service and provide an API to clients,
and not allow clients to communicate except via the trusted service.

The whole point of the app store security model was to get away from having
to do code audits (which don't scale), and allowing developers to update
their apps rapidly. Ubuntu cannot hope to provide the resources necessary
to audit and control each individual app on the platform. Its focus is
the core OS and app developers are responsible for their own apps. If
Telegram have designed their service this way then it's something for them
to change, or stop using their service and switch to something that meets
your requirements.


> I searched the list archive for "privacy" but didn't find much.
>>
>> Anything else should be discussed in the appropriate Telegram forums.
>>
>> Also if Canonical have at any point made official statements about
>> privacy or security issues in Telegram then I have not gotten that memo,
>> please refer me to it in private. As far as I can see Canonical do not
>> even mention the words "private" or "secure" in the app store description.
> I haven't seen any official statements either, but would love to read
> and review if any have been made.
> 
> Cheers,
> Randall.
>>
>> cheers,
>> Simon
>>
> 
> 


