[UX/UI] The UI doesn't seem to really communicate the trust level or scope of embedded apps

[ell1e]

I've noticed that the UI doesn't seem to communicate the trust level or scope of embedded apps. For an encrypted messenger that seems somewhat of a UI bug, so I hope I'm reporting this in the correct location.

For example, I'm in a chat group with the word puzzle game "Wonster". This is presented to me with the following message with a button:

While I love this game, it seems unclear from the UI what this means or implies when I launch it. I think the most pressing questions are:

• Who made the code I'm running when I click "Start...", is this some third-party thing or just part of the client? This doesn't seem to be obvious.

• How trusted is the code of whatever opens up after I click "Start...", was it vetted in any way, and if it wasn't, does it use any sort of process isolation or sandboxing from the remaining clients?

• Who is getting what data of what I enter into the game's popup? For example, when I write a chat message, it's pretty clear that the message gets sent to whoever is in the channel. For this game however, it's not obvious whether this is something executed purely locally (even then, where is the code coming from?) or whether it downloads from some foreign server, and what info that server will get about me especially if I interact with this game. It's also not clear where the word of the day that it has me guess is coming from, or whether whoever made this game will get to know that I played it etc.

• Where would I report concerns or bugs with this embedded game, if there were any? I'm assuming if it's a third-party game, it wouldn't be here in this bug tracker.

My apologies if all of this is actually in the UI in an obvious location, and I just missed it. In that case feel free to close the issue.

• Operating System (Linux/Mac/Windows/iOS/Android): Linux
• Delta Chat Version: Desktop 1.48.0 (git: flathub) Core v1.148.7
• Expected behavior: when I click "Start..." I get some sense of the privacy and code trust implications of what opens afterward, through info presented to me by the UI
• Actual behavior: neither the code trust level nor the data flow resulting from this embedded game thing seem to be communicated to the user
• Steps to reproduce the problem: 1. Have somebody start "Wonster" in a group chat, I actually don't know how to even do that, 2. Click the "Start..." button
• Screenshots: see above
• Logs:

[WofWca]

My apologies if all of this is actually in the UI in an obvious location

No, I don't think we have such UI. We have a FAQ entry on webxdc apps (but webxdc apps are not referred to as "webxdc apps" in the UI), but it can hardly be considered an obvious place, or good UX.

[ell1e]

This also means: it can be a privacy risk to open webxdc apps in chats where you don’t trust the members - as you know it from e-mail attachments, where you only open attachments from senders you trust, and not from spammers.

This seems unclear regarding the scope. Does this only concern the mouse clicks and what I do inside the app, or does this mean the app can potentially access whatever I'm doing in Delta Chat outside of the app window? Can it send to other groups than the one I'm in? What are the security implications? This should probably be specified here.

[WofWca]

Just FYI, there is a related (but I guess more specific) discussion: deltachat/deltachat-pages#986

[WofWca]

And I think this issue should belong to https://github.com/deltachat/interface. Please transfer if you agree.

[ell1e]

Okay, I transferred it here: deltachat/interface#79 Edit: oops, now the link should be correct