Detect new sensitive permissions and place in re-review queue.

Matching priority of blocking bug

Is this bug still valid? Only packaged apps will have sensitive permissions (right?) and each version will be reviewed anyway rather than being selectively flagged in the re-review queue. (please reopen if this isn't the case)

What happens if a hosted (manifest) app starts asking for new permissions?

(In reply to Chris Van Wiemeersch [:cvan] from comment #3) > What happens if a hosted (manifest) app starts asking for new permissions? from what I understand hosted apps can't get sensitive permissions: https://wiki.mozilla.org/Apps/Security#Open_Web_Apps_Security_and_Privacy_Model (disclaimer: I only skim-read that page :) )

(In reply to Andrew Williamson [:eviljeff] from comment #4) > (In reply to Chris Van Wiemeersch [:cvan] from comment #3) > > What happens if a hosted (manifest) app starts asking for new permissions? > > from what I understand hosted apps can't get sensitive permissions: > https://wiki.mozilla.org/Apps/ > Security#Open_Web_Apps_Security_and_Privacy_Model > (disclaimer: I only skim-read that page :) ) Yeah I understand they don't receive sensitive permissions but it's unclear to me what happens if an app requests them. I assume we fail silently? I don't know?

(In reply to Chris Van Wiemeersch [:cvan] from comment #5) > (In reply to Andrew Williamson [:eviljeff] from comment #4) > > (In reply to Chris Van Wiemeersch [:cvan] from comment #3) > > > What happens if a hosted (manifest) app starts asking for new permissions? > > > > from what I understand hosted apps can't get sensitive permissions: > > https://wiki.mozilla.org/Apps/ > > Security#Open_Web_Apps_Security_and_Privacy_Model > > (disclaimer: I only skim-read that page :) ) > > Yeah I understand they don't receive sensitive permissions but it's unclear > to me what happens if an app requests them. I assume we fail silently? I > don't know? I'd expect it to be ignored, yeah.