Hi all,
there is a somewhat sparsely documented feature of webapps that allow
you to specify --webappModelSearchPath=. as a parameter of
webapp-container in the .desktop file and have a file called
webapp-properties.json in the project. This can specify a script to be
loaded into the webapp, which you can also put in the package or
possibly on a remote server, an example of this can be found here
http://bazaar.launchpad.net/~sil/+junk/seshat/files
Now this got me thinking about all the awesome stuff I could do with
this, I could write a webapp that wraps my online banking and paypal and
then it scrapes the statements and offers to reconcile stuff against my
Odoo server or something. Awesome. Someone else could do this too, and
write a webapp that wraps a bank and does evil stuff, this would then
instantly pass all the automated tests and be published in the store
ready for people to start using. This is a bit of a worry. I did install
the HSBC app when I got the phone, but I didn't run it until today when
I figured out how to read the source (it is in
/opt/click.ubuntu.com/hsbc.krysztau) however I fear that I am a bit of
an outlier and most people will run a banking application without first
reading the packaging source and checking for evil stuff.
Perhaps it would be an idea to have a manual review process for webapps
that insert stuff where the developer can't prove that they control the
website in question.
Alan.
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help : https://help.launchpad.net/ListHelp
