<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">1.12.2013 13:22,
<a class="moz-txt-link-abbreviated" href="mailto:artem.marchenko@gmail.com">artem.marchenko@gmail.com</a>:<br>
</div>
<blockquote cite="mid:20131201122237.5693587.17843.943@gmail.com"
type="cite">
<div id="BB10_response_div" style="width: 100%; font-size:
initial; font-family: Calibri, 'Slate Pro', sans-serif; color:
rgb(31, 73, 125); text-align: initial; background-color:
rgb(255, 255, 255);">A couple of points from an experienced of
developing several small Symbuan-Meego apps and managing
development of iOS apps. Just notes of somebody who likes
development yet prefers thinking about the user rather than
superior hacker-user.</div>
<div id="response_div_spacer" style="width: 100%; font-size:
initial; font-family: Calibri, 'Slate Pro', sans-serif; color:
rgb(31, 73, 125); text-align: initial; background-color:
rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);">1) if we are
into asking permissions, let's ask them on first attempt (as iOS
does), not in installation as Android does. At first use of e.g.
putting a photo to map there us at least a small chance user
could understand why GPS positioning is asked for.</div>
</blockquote>
Also the user should be able to grant permissions individually, not
just all-or-nothing (like on Android) & the app needs to be able
to work with it. That's how it is on BB10 for example.<br>
<blockquote cite="mid:20131201122237.5693587.17843.943@gmail.com"
type="cite">
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);">1.1) and if user
rejects, make app unable to request 2nd time. At max let app
direct user to system Settings for unblocking</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);">2) Sandboxes are
limiting, but matter. It is way more difficult to freeze to
death or misuse iPhone than Android. That probably goes against
Mer/Sailfish philosophy though. <br>
</div>
</blockquote>
Yeah, I would say properly tested applications & community
feedback are enough and no artificial limitations are needed. :)<br>
<br>
<blockquote cite="mid:20131201122237.5693587.17843.943@gmail.com"
type="cite">
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);">Cheers,</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);">Artem.</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);"><br>
</div>
<div style="width: 100%; font-size: initial; font-family: Calibri,
'Slate Pro', sans-serif; color: rgb(31, 73, 125); text-align:
initial; background-color: rgb(255, 255, 255);"><br>
</div>
<table style="background-color:white;border-spacing:0px;"
width="100%">
<tbody>
<tr>
<td id="_persistentHeaderContainer" colspan="2"
style="font-size: initial; text-align: initial;
background-color: rgb(255, 255, 255);">
<div id="_persistentHeader" style="border-style: solid
none none; border-top-color: rgb(181, 196, 223);
border-top-width: 1pt; padding: 3pt 0in 0in;
font-family: Tahoma, 'BB Alpha Sans', 'Slate Pro';
font-size: 10pt;">
<div><b>From: </b>AL13N</div>
<div><b>Sent: </b>Sunday, December 1, 2013 01:12</div>
<div><b>To: </b><a class="moz-txt-link-abbreviated" href="mailto:devel@lists.sailfishos.org">devel@lists.sailfishos.org</a></div>
<div><b>Reply To: </b>Sailfish OS Developers</div>
<div><b>Subject: </b>[SailfishDevel] community thoughts
on app security</div>
</div>
</td>
</tr>
</tbody>
</table>
<br>
<div id="_originalContent" style="">plz see the thoughts of
'users' on app security (compiled from IRC #jolla)<br>
<br>
to be found here: (on section of same name)<br>
<br>
<a class="moz-txt-link-freetext" href="http://elinux.org/Jolla">http://elinux.org/Jolla</a><br>
<br>
additionally, there's also stuff on jolla hardware there, and
some<br>
thoughts on defined services on apps(system) for other apps
(maybe dbus<br>
stuff?)<br>
<br>
i don't know if this is really something for sailfishos? or nemo
or mer or<br>
jolla... so i'm posting it here :-)<br>
<br>
_______________________________________________<br>
SailfishOS.org Devel mailing list<br>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
SailfishOS.org Devel mailing list</pre>
</blockquote>
<br>
</body>
</html>