I am refloating this thread because of an existing vectors in the clearnet, these type of side-channel attacks would in principle be exploitable on the safe browser:
The campaigns on these vectors are currently quite massive
This topic should be discussed, as the current problems of the existing app markets probably will be the same or maybe even worse on a completely anonymous app marketplace.
The main problem here is that we still leave the last decision to the user, by asking them if they allow certain permissions to their apps, and users either don’t give a crap or don’t have the knowledge to make an informed decision, so they default to pressing yes to everything.
How can we protect the users from themselves?