I want web apps with elevated privileges to be vetted
Submitted by A. L.
Web apps try to keep feature parity with native apps and that’s a good thing. Local file access, USB device access, network access, and control over camera and microphone are great features, but they can also be abused by rogue site. If there’s a big enough breach of public trust, it could undermine the whole web ecosystem.
If a web app wants sensitive privileges, there should be a means by which some authority, perhaps the browsers, review and vet that code, similar to how it happens in app stores for other software. Additionally, it would be useful to have some means of validating whether the code accessing these sensitive APIs has changed and may no longer be trustworthy.
I recognize this is challenging as the content exists on the web as opposed to in a package or binary, but this is an area worth exploring for the privacy and security of our users.