And how well they deal with security. I look forward to the day when a malware-distributing webpage can pwn millions of phones without being detected...
> And how well they deal with security. I look forward to the day when a malware-distributing webpage can pwn millions of phones without being detected...
Exploits are always possible on any platform, of course, but the web is sandboxed by design and has been hardened against attacks for many years. It's as secure or more than other platforms like Java or the iOS app model.
MY first reaction was about security as well. This change of paradigm is a recipe for disaster if security is not considered from the beginning because most of the assumptions change. If it's not done carefully (things like segregation between apps, access control to privileged JavaScript, etc)... it is going to pretty painful.
Firefox already has all that. A good part of the browser is written in JS which runs with high privileges (full filesystem access, full network access, etc) while the code on websites doesn't. It already has systems for unprivileged JS to request access to certain privileged APIs (location, localStorage, etc). "Apps" - websites - are already segregated and run in their own sandbox.
I know, and we have constantly lived along the edge of the cliff because of that. From a perspective of security it was a very poor design decision. By making those decisions you create a big security burden, the attack surface is very large, the impact of bugs is very large. These are the types of security consideration that have to happen at design time. In this case I would like to know more about, maybe it's being considered but not being discussed.
How is this any different than a popular app on the Android Market or an exploit in the same webpage affecting Mobile Webkit. This seems like a really random absurd scenario.
EDIT: uh, downvotes?