Second this. The existing trust system of the web is much preferable to inventing closed store. Plus the web isn't going anywhere.
Here's what should happen:
Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.
It declares what capabilities it needs, but most permissions are temporary and on-demand. Apps that have sensitive perms (mic, camera) are highlighted whenever they use it.
Aggregators, blogs, (heck even governments), trust pilot can all have their own ad hoc review systems and warn against whatever, for those that want. You could even have a pre-installed whitelist for extra safety for non-techies for all I care.
Ready to download? Just press get app. There can even be an option to run the app once if it's something stupid that should have been a web page. Once downloaded, the signature is verified against a tls cert.
> Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.
> It declares what capabilities it needs, but most permissions are temporary and on-demand.
Remember when Android would give you a list of permissions that an app needs and everyone clicked through it because it was impossible to make an informed decision on what the app did?
Absolutely. This is partly a UX problem and partly user education. But yeah requiring all permissions upfront was a terrible model, but that was long ago.
Second this. The existing trust system of the web is much preferable to inventing closed store. Plus the web isn't going anywhere.
Here's what should happen:
Some site says "get our app". Click. A banner shows up showing the app name, icon, screenshots?, highlights the domain.
It declares what capabilities it needs, but most permissions are temporary and on-demand. Apps that have sensitive perms (mic, camera) are highlighted whenever they use it.
Aggregators, blogs, (heck even governments), trust pilot can all have their own ad hoc review systems and warn against whatever, for those that want. You could even have a pre-installed whitelist for extra safety for non-techies for all I care.
Ready to download? Just press get app. There can even be an option to run the app once if it's something stupid that should have been a web page. Once downloaded, the signature is verified against a tls cert.
Something like that.