On 04/06/15 22:07, Krzysztof TataradziĆski wrote:
Hello,
I don't have to much knowledge about programming, so here's my question:
how can we know that unofficial bank webapp don't send our login and
password somewhere else also (i. e. to creator of that webapp)?
Hi, we have discussed this before:
https://lists.launchpad.net/ubuntu-phone/msg12020.html
there is quite a lot that a webapp can do to be evil, and pretty much
nothing stopping it. I really do think that third party webapps should
not be allowed without manual review (maybe chargeable).
If you want to submit a webapp to the store then the store should
generate a random uuid for you, like
87c396ea-0b64-11e5-ae6a-5254008895fb. You then place this at
http://yourwebsite.com/ubuntustorecode, the store checks it is there and
matches and then publishes your app. This way there is no barrier to
publishing webapps for websites that are yours. If you can't do that
(i.e. it isn't your website you are wrapping in extra local
functionality) then you need a manual review. I don't think banking
webapps should be allowed at all unless published by the bank.
Alan.
--
Mailing list: https://launchpad.net/~ubuntu-phone
Post to : ubuntu-phone@lists.launchpad.net
Unsubscribe : https://launchpad.net/~ubuntu-phone
More help : https://help.launchpad.net/ListHelp
