On systems like Android where if a update to a app requests a new type of permission it earlier didn’t request you will have to review its access before updating. How is this being resolved with silent background updates?
Can for example a malicious calculator update give it access to the camera without the user getting notified about the new permissions? Or can a confined software update itself to classic non-confined and get access to the whole system?
Modern Android actually requests such permissions on use instead of blocking the update.
The snap world works a bit more like that, but there are a few extra details: today snaps cannot yet ask for the interface connection to be established (that will come in an update later), so you need to know that the failure is being caused by a missing interface. Snaps also support a concept of auto-connections, which are approved after a review here in the forum. For example, we do consider cameras to be very sensitive, so these aren’t granted by default without a review. That said, if you are installing a well known video call software, it’s implied that a camera is necessary for those, so the logic is inverted and the granting is automatic, but you can disconnect it.
If I understand you correctly there is a transparent review process in the linked forum upon every change of permission, the snap will in a later update ask the user the first time a new permission is needed, and the user can override any permissions. Correct?
