Application Settings
A settings panel with information and controls for each application.
Goals
- View and modify permissions on a per-application basis. Relevant cases:
  - Revoking a single permission that was mistakenly granted, or was only intended to be temporary
  - Reviewing the overall permissions and abilities that a particular app has - useful for the privacy-conscious, or if someone has concerns about a particular app
- Surface application sandboxing and permissions
  - This is a way of advertising the privacy features in next-generation application frameworks. It is also a way of framing the model and explaining other interactions that users might have around application privacy and permissions.
- Be a one-stop shop for application management
  - This is a trickier goal and would benefit from more detail and some common use cases, but there is an opportunity here to bring together all the different ways that applications interact with (and impact on) the system.
Non-Goals
- This is not Software:
  - Not a place for installing/removing applications
  - Not a place for getting rich information about applications (descriptions, screenshots, websites, authors, etc.)
- This is not the place to do resource usage diagnostics or management - that's for the System Monitor/Disk Usage Analyser/Usage
Relevant Art
Mac
iOS
Windows
Android
Apps & notifications:
- Lists apps. For each one:
  - Notification settings
  - Permission settings (contacts, storage, phone...)
  - Data usage (stats, background data setting, unrestricted data usage setting)
  - Battery usage - stats
  - Open by default - URI handlers
  - "Details" - where it was installed from, a link to the store, version
- Notifications:
  - List of apps and per-app settings
  - General settings
- App permissions (for each, indicates how many apps have permission, allows a list to be opened with per-app controls):
  - Body sensors
  - Calendar
  - Camera
  - Contacts
  - Location
  - Microphone
  - Phone
  - SMS
  - Storage
Snaps on Ubuntu
Discussion
Other relevant GNOME settings panels:
Questions and issues:
- How to link in with viewing permissions by permission (example: all apps with access to the camera)?
- What to do about the default app settings?
- What to do about the mimetype settings in Files?
Technical notes
System access permissions that should probably be exposed to the user for sandboxed apps:
- Portal access (requested on demand):
  - Send notifications. This is already exposed in the notification settings, and does apply to sandboxed apps (as well as non-sandboxed ones, which might be confusing, since it can't really be enforced in that case). Every app can send notifications by default, but this permission can be revoked. This is a tri-state: yes/no/ask
  - Access microphone(s): This is a tri-state: yes/no/ask
  - Play sound: This is a tri-state: yes/no/ask
  - Access location information: This is a tri-state: yes/no/ask
  - URI and mime handlers. We will ask the user a few times, and if the answer stays the same, just use it after exceeding a threshold
    - http is special-cased; we don't ask for that
  - Exported files, and access permissions: read/write/delete
- Pre-defined sandbox permissions (these permissions are built into the application. They can be overridden, but that is likely to affect the application's functionality):
  - Access the network (inform the user, but don't provide a setting - it will probably break the app)
  - Level of filesystem access
    - entire filesystem
    - entire user's home directory
    - xdg dirs
    - readonly vs writable
  - Store settings in dconf
  - Access the user's SSH keys
  - Access to the system bus
System access permissions that probably should not be exposed:
- Access to X11/Wayland
- Access to the session bus
- Access to the GPU (/dev/dri)
- Allow creating VMs (/dev/kvm)
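The split between the two lists above, as an added example that is not part of the original page or of any GNOME code. It assumes the sandbox is Flatpak (the page does not name one) and reads an app's static permissions from a constructed `metadata` keyfile; the mapping from Flatpak's keys to the page's entries is an assumption, and anything the page does not list is reported as unclassified instead of being hidden.

```python
import configparser

# Constructed sample, assuming Flatpak's metadata keyfile format
# (an assumption: the page does not name the sandbox).
SAMPLE = """\
[Context]
shared=network;ipc;
sockets=wayland;x11;ssh-auth;system-bus;pulseaudio;
devices=dri;kvm;
filesystems=home;xdg-documents:ro;

[Session Bus Policy]
ca.desrt.dconf=talk
"""

# Buckets follow the page's two lists; the key names are Flatpak's.
SHOW_SOCKETS = {"ssh-auth": "ssh agent/keys", "system-bus": "system bus"}
HIDE_SOCKETS = {"x11", "fallback-x11", "wayland", "session-bus"}
HIDE_DEVICES = {"dri", "kvm"}

def values(cfg, key):
    """Split a ';'-separated [Context] entry into its non-empty values."""
    return [v for v in cfg.get("Context", key, fallback="").split(";") if v]

def classify(text):
    """Return (shown, hidden, unclassified) static permissions."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # bus names are case-sensitive
    cfg.read_string(text)
    shown, hidden, other = [], [], []
    for v in values(cfg, "shared"):  # network: inform only, no setting
        (shown if v == "network" else other).append(f"shared {v}")
    for fs in values(cfg, "filesystems"):
        path, _, mode = fs.partition(":")
        level = {"host": "entire filesystem", "home": "home directory"}.get(path, path)
        shown.append(f"files: {level}, {'read-only' if mode == 'ro' else 'writable'}")
    for s in values(cfg, "sockets"):
        if s in SHOW_SOCKETS:
            shown.append(SHOW_SOCKETS[s])
        else:
            (hidden if s in HIDE_SOCKETS else other).append(f"socket {s}")
    for d in values(cfg, "devices"):
        (hidden if d in HIDE_DEVICES else other).append(f"device {d}")
    if cfg.get("Session Bus Policy", "ca.desrt.dconf", fallback="") in ("talk", "own"):
        shown.append("dconf settings")
    return shown, hidden, other

if __name__ == "__main__":
    for name, group in zip(("shown", "hidden", "unclassified"), classify(SAMPLE)):
        print(name, group)
```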
Tentative Design
See Also