TheEndless...I'm not accusing you of being a fan-boy at all. Just engaging in a healthy debate. You've made some reasonable points, but ultimately I don't think they pan out. The reason I stated that my ECP could not install such a malicious channel is because you implied that it could when you said "Your perfectly harmless ECP app could unknowingly allow the install of such a malicious channel." I was just pointing out that it could not happen with harmless ECPs. Only malicious ECPs would ever install such a channel (ie: it would never be by accident).
"TheEndless" wrote:
There's a major difference there in that you have to be logged into the Roku website to add a channel via the web browser, and automating the install approval process in the web browser is much more involved than just sending a few remote commands via ECP."
I still don't think there is much difference (security-wise) between the website add channel page, and the Roku store add channel screen. Both have the option of turning on or off authentication. With the website, you have the option to "Remember Me", which means no login would be required for malicious software to force an install of the malicious channel via the browser. From there, it is in fact just a matter of submitting a few key strokes to add the channel to the user's account. And conversely, the Roku Channel store would require a PIN if the user chose to have it there. In both cases, the user can choose to turn on or off authentication in order to add a channel. So again, I don't see how this poses an additional security risk beyond what already exists via the web.
But it really does come down to what Roku says. They asked to provide a business case for needing this. I have provided one above. I would also pose the opposite question to Roku...what is the business case of providing it for a public channel? And why does that same case not apply to private channels?
