[I submitted this to the Feedback portal: FB7750481]
I’ve built a Safari App Extension (not using the recently-announced Web Extensions) which allows users to show and hide user-generated comments on websites, hiding by default. It lets users see comments with a single click of a toolbar button. It then remembers their choice in an encrypted whitelist. I use my toolbar button’s icon to indicate the current state of the content blocker to the user.
Because this is a general-purpose App Extension compatible with any website, I must request the All level for SFSafariWebsiteAccess. Otherwise I can’t indicate to the user whether or not their extension is active on any given page.
Safari 14 introduces new permission request dialogs for when a user turns on an extension which requests sensitive browsing activity information. As far as I can tell, developers have no means to justify these requests and provide more context, so users may be left with unanswered questions when they try to turn on an extension.
[An example of this is as follows:]
Are you sure you want to turn on the extension "Example Extension?"
This extension can see all your browsing history.
[ Cancel ] [ Turn On ]
My use of this data is very innocuous. I simply use it to let the user know where the extension is active, and to store a whitelisted site. I don’t track users and I don’t share or sell their info. I have no way to tell them this at the point where they would most likely have questions about it.
There are well-established Info.plist keys for requesting permission from the user for use of their private data and giving them more context. Examples include NSLocationWhenInUseUsageDescription, NSCameraUsageDescription, NSMicrophoneUsageDescription, and many others. I am requesting a similar kind of plist key which would describe the required permissions to the user so they can understand how their data will be used and make an informed choice.
I’ve built a Safari App Extension (not using the recently-announced Web Extensions) which allows users to show and hide user-generated comments on websites, hiding by default. It lets users see comments with a single click of a toolbar button. It then remembers their choice in an encrypted whitelist. I use my toolbar button’s icon to indicate the current state of the content blocker to the user.
Because this is a general-purpose App Extension compatible with any website, I must request the All level for SFSafariWebsiteAccess. Otherwise I can’t indicate to the user whether or not their extension is active on any given page.
Safari 14 introduces new permission request dialogs for when a user turns on an extension which requests sensitive browsing activity information. As far as I can tell, developers have no means to justify these requests and provide more context, so users may be left with unanswered questions when they try to turn on an extension.
[An example of this is as follows:]
Are you sure you want to turn on the extension "Example Extension?"
This extension can see all your browsing history.
[ Cancel ] [ Turn On ]
My use of this data is very innocuous. I simply use it to let the user know where the extension is active, and to store a whitelisted site. I don’t track users and I don’t share or sell their info. I have no way to tell them this at the point where they would most likely have questions about it.
There are well-established Info.plist keys for requesting permission from the user for use of their private data and giving them more context. Examples include NSLocationWhenInUseUsageDescription, NSCameraUsageDescription, NSMicrophoneUsageDescription, and many others. I am requesting a similar kind of plist key which would describe the required permissions to the user so they can understand how their data will be used and make an informed choice.