More visible network permission
In !937 (merged) network access was changed to being a "neutral" permission, with the following justification:
Network access can be used to expand an existing local vulnerability into a remotely exploitable one, or can be used to leak information remotely.
However, it’s also needed by a significant proportion of apps for legitimate purposes.
Therefore, presenting it as a safety warning is not particularly helpful, as it means very few apps ever get labelled as ‘safe’, and most get labelled as ‘potentially unsafe’ due to their network permission. This reduces the utility of the labelling system to the user.
While I agree that the labelling system is less helpful if a majority of apps are labelled potentially unsafe, I do think we need to make a distinction here somehow.
Treating network access as something any app can have with no repercussions invites apps to add it even though it could be avoided, and normalizes it for users. I don't think those are good incentives medium-term.
Potential solutions
For the context tile we could introduce an additional level between potentially unsafe
and safe
, e.g. probably safe
, with either a different (lighter? more yellow?) green or maybe blue.
Inside the dialog I definitely think we should still style network access red, or at the very least yellow. While lots of apps need it, that's no different from access to file system, devices, or anything else. I don't think special treatment makes sense here.