We have moved to a new Sailfish OS Forum. Please start new discussions there.
9

Privacy protection in harbour apps

asked 2016-08-28 12:29:25 +0200

bomo gravatar image

updated 2016-08-28 12:29:43 +0200

I've read that jolla applies several restrictions to apps that are being released in the harbour (some of these restrictions are mentioned in https://harbour.jolla.com/faq), but what are those restrictions precisely?

Can an harbour app e.g.

  1. Access the contacts ?
  2. Access the calendar ?
  3. Access Emails ?
  4. See which email accounts (email addresses and passwords) are configured ?
  5. Access the clipboard ?
  6. Run other apps ?
  7. Scan nearby wifi hotspots ?
  8. Access configured wifi hotspots (username, password, BSSID) ?
  9. Read phone and SIM identifiers (IMEI, IMSI, ... ) ?

How does jolla check whether an closed source app complies with these restrictions?

edit retag flag offensive close delete

1 Answer

Sort by » oldest newest most voted
5

answered 2016-08-28 13:40:05 +0200

Rikujolla gravatar image

I'll answer to #7. The answer is YES. Harbour app can scan wifis nearby. I have made an harbour app 'At work' which has a feature to scan wifis nearby to accumulate working hours data. I do not see this a privacy problem, because the data is not sent outside the phone. To increase the trust for my app not to hurt the privacy I publish the code in github.

edit flag offensive delete publish link more

Comments

3

Thanks for your answer. Per se, I agree that its not a privacy issue as long as I know what the app is doing with that data. This, however, requires the app to be open source. For closed source apps, which I tried to address with question in particular, I can never be sure what (else) the app is doing with the gathered data.

bomo ( 2016-08-28 14:01:09 +0200 )edit
5

This is not about @Rikujolla's app but about Harbour in general. Having a source on Github is no guarantee that the app you are installing is built from the same sources. You still have to trust the developer (or whoever uploaded it). In this sense, Maemo's autobuilder was far superior: you uploaded the sources and the package was built and published automatically from those sources, but more importantly, publushed together with those sources. So you had the guarantee that the sources and the binaries were closely coupled, should you ever want to check something.

pichlo ( 2016-08-28 14:52:22 +0200 )edit
1

Yes, the risk is less with open apps. Still I would like to see a world where the source and binary are more tightly connected. That could be achievid with srpms, but that is not commonly used. (Currently I can't even make a srpm. Maybe one day.) EDIT, I would like to see that autobuilder process commented @pichlo also in Harbour or in OpenRepos

Rikujolla ( 2016-08-28 14:55:29 +0200 )edit
Login/Signup to Answer

Question tools

Follow
8 followers

subscribe to rss feed

Stats

Asked: 2016-08-28 12:29:25 +0200

Seen: 438 times

Last updated: Aug 28 '16

Related questions

Using the volume rocker from native Sailfish applications

Roundtable discussion: Jolla Harbour APIs [answered]

What is the best maps/navigation application to use on Jolla? [answered]

Browser: Support for custom search engines [answered]

Bug: Gallery photos cannot be shared without metadata to Twitter/Facebook [released]

Make API for account sharing

Private mode in web browser [released]

HowTo: Connecting to Jolla via SSH over USB [answered]

Enhance security & privacy options for native Apps

Clarification of open-source policy [answered]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49