Comment 4 for bug 1306769

Michał Sawicz (saviq) wrote: Re: [Bug 1306769] Re: pinlock snap decision potentially allows malicious app to gain access to user PIN and Passcode

On 29.04.2014 11:28, Matthew Paul Thomas wrote:
> What does "meant to be part of the notification stack" mean? That sounds
> like it's assuming the question.
>
> Imagine that ten Skype messages arrive, leading to a 60-second-long
> queue of notification bubbles on top of the lock screen. As soon as you
> see the first bubble, you slide the screen to unlock it so you can see
> any earlier messages and reply. Should Ubuntu wait 60 seconds for the
> notification bubbles to go away before showing you the PIN dialog? Of
> course not. The dialog should appear immediately, regardless of what
> notifications are queued. I don't see why they need to be managed
> together at all.

Snap decisions / dialogs have priority over standard notifications, so
apart from the fact that a single app can't queue multiple notifications
(and should update the one it has instead), the above would not happen
anyway.

Regardless, system dialogs (for which there is no design, btw - they are
all considered snap decisions to date, and the PIN/passcode dialog is just
thrown on top) need to interact somehow with notifications and snap
decisions. Maybe block them, maybe only show snap decisions but block
notifications; that needs UX design.

I mentioned some time ago that I believe security-sensitive dialogs need
to look very different from what apps can trigger, so that bugs like
this one are limited. But still there are snap decisions with password
entries in the Notifications spec.

The PIN/passcode is currently implemented as a snap decision (albeit
special); we're missing design guidance on how (and which) "dialogs" are
meant to be special.