network plug are not under the manual connection scrutiny. So, every app easily gets access to the home folders, files and network. Which allows the malicious actors to do all kind of shady things. If these plugs are allowed to connect manually, only after a review, and allow the
network-bind and other such plugs to autoconnect only if
network is auto connected. I think, atleast for the current incident could have been stopped. To send users data to a remote location, you need two things atleast, 1. Access to home and 2. Internet. @Igor Can we think on this or am I saying completely wrong? Please correct me, if that’s the case.
There are a lot of considerations here. Let’s see what the Store team comes up with, and then we can see if there are any suggestions or improvements worth adding.