Well, it’s demonstrably impossible to guarantee the app won’t lie (open source offers no practical solution for this). So yes, I do have strong reservations.
Haha no worries. I look at access control as a fundamentally technical problem with some serious user interface issues.
Firstly, we need a foundation that delivers on the promises and philosophy of the Safe Network: principle of least privilege, unprecedented privacy assurances, paranoia squared, and so on.
Then, it’s time to make it user friendly.
Any significantly complex app will need to access a number of different things, some read-only and some read-write. As long as it can’t write anything that’s publicly accessible, you are safe in theory. However, it’s not the app’s business what is private or not, and we humans tend to be awful at keeping track of such things. So, why not delegate it to a sufficiently capable access control system?
For example, what if I have a list of destination folders for my phone app, some of which are public, some of which are private? I could add a time limit to my private folder (“ask again if not accessed for an hour”) to make sure I don’t make silly mistakes.
Or, what if I use one of my apps to organize my photos so it has RO access to my private photos folder (sounds safe, it can’t mess up anything, right?) but RW access to my public folder? It can start copying stuff from private to public, which may or may not be a good idea. To be honest, this use case requires a lot more thought than time limits and such. Basically, it’s the question of putting a virtual air-gap between different facets of life, sort of how the OS-facilitated copy/paste feature of Qubes OS does it.
It’s the problem of delegation and the reason why capabilities are the way to go. ACLs have no way to deal with delegation but it comes naturally with capabilities.
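The delegation model discussed in the posts above (time-limited access to a private folder, an app holding RO on private photos and RW on a public folder, and capabilities attenuating on delegation rather than widening) as a small added example. This is illustrative code written for this thread, not Safe Network code; the `Capability`/`Store` classes, the path-prefix scoping and the epoch-seconds expiry are assumptions. It also shows the point raised about the photo app: a capability system faithfully allows the private-to-public copy, so that leak has to be addressed by policy above the capability layer, not by the tokens themselves.

```python
"""Toy capability model: delegation by attenuation, RO/RW split, expiry.
Added illustration for the thread; not the Safe Network's design or code."""
from dataclasses import dataclass
from typing import FrozenSet, Optional

READ, WRITE = "read", "write"


@dataclass(frozen=True)
class Capability:
    # In a real system the token would be unforgeable (signed or kernel-held);
    # here it is a plain value so the delegation logic is easy to follow.
    prefix: str                  # path scope, e.g. "/me/photos/private/" (assumed layout)
    rights: FrozenSet[str]       # subset of {READ, WRITE}
    expires_at: Optional[float]  # None = no expiry; otherwise seconds since epoch
    holder: str                  # who the token was issued to (for audit messages only)

    def attenuate(self, *, prefix=None, rights=None, expires_at=None, holder=None):
        """Derive a capability for another party that is never wider than this one:
        narrower or equal path scope, subset of rights, earlier or equal expiry."""
        new_prefix = prefix if prefix is not None else self.prefix
        if not new_prefix.startswith(self.prefix):
            raise ValueError("cannot widen path scope")
        new_rights = frozenset(rights) if rights is not None else self.rights
        if not new_rights <= self.rights:
            raise ValueError("cannot add rights")
        if expires_at is None:
            new_exp = self.expires_at
        elif self.expires_at is not None and expires_at > self.expires_at:
            raise ValueError("cannot extend lifetime")
        else:
            new_exp = expires_at
        return Capability(new_prefix, new_rights, new_exp, holder or self.holder)

    def permits(self, path, right, now):
        if self.expires_at is not None and now >= self.expires_at:
            return False
        return right in self.rights and path.startswith(self.prefix)


class Store:
    """The store checks only the presented token: no caller identity, no ACL lookup."""

    def __init__(self):
        self._data = {}

    def read(self, cap, path, now):
        if not cap.permits(path, READ, now):
            raise PermissionError(f"{cap.holder}: read {path} denied")
        return self._data.get(path)

    def write(self, cap, path, value, now):
        if not cap.permits(path, WRITE, now):
            raise PermissionError(f"{cap.holder}: write {path} denied")
        self._data[path] = value


def demo():
    """Walks through the photo-app scenario; returns the observed outcomes."""
    store = Store()
    t0 = 1_000.0  # constructed timestamp
    owner = Capability("/me/", frozenset({READ, WRITE}), None, "owner")
    store.write(owner, "/me/photos/private/cat.jpg", b"private bytes", t0)

    # Photo app: RO on private photos, expiring after an hour ("ask again if
    # not accessed for an hour"), plus RW on the public folder.
    private_ro = owner.attenuate(prefix="/me/photos/private/", rights={READ},
                                 expires_at=t0 + 3600, holder="photo-app")
    public_rw = owner.attenuate(prefix="/me/photos/public/", holder="photo-app")

    results = {}
    # Within the hour the app can read private and write public, so the
    # private-to-public copy the thread worries about is allowed by the tokens.
    data = store.read(private_ro, "/me/photos/private/cat.jpg", t0 + 60)
    store.write(public_rw, "/me/photos/public/cat.jpg", data, t0 + 61)
    results["copied_private_to_public"] = (
        store.read(owner, "/me/photos/public/cat.jpg", t0 + 62) == data)
    # It still cannot write to the private folder it can read.
    try:
        store.write(private_ro, "/me/photos/private/cat.jpg", b"x", t0 + 63)
        results["private_write_blocked"] = False
    except PermissionError:
        results["private_write_blocked"] = True
    # After the hour the RO token is dead: the app has to ask again.
    results["expired_after_hour"] = not private_ro.permits(
        "/me/photos/private/cat.jpg", READ, t0 + 3601)
    # Delegation cannot widen: the app cannot mint itself RW on private.
    try:
        private_ro.attenuate(rights={READ, WRITE})
        results["escalation_blocked"] = False
    except ValueError:
        results["escalation_blocked"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The contrast with ACLs is in `Store`: it never asks who the caller is or consults a per-object list, so handing a narrower token to a third app is just another `attenuate` call, and the one-hour limit is a property of the token rather than a timer the user must remember to run.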
How do you differentiate between the two? Both storing and publishing mean “writing stuff on the network” from a technical point of view. Unless, of course, we come up with the concept of “dedicated app storage” which sounds cute for a master’s degree final project but it’s a lot less sexy for the Internet of the Future™