Two weeks ago Oliver Goldman from Adobe wrote a post where he reveals that the warning about installing an Air application will stay in the next version, even if you choose to publish an application that do not access the user file system.
I personally think that this will tarnish the reputation of Air. I so have asked him in a comment why not display the warning before the application asks to access the file system, while offering at the same time an option to ask to never display this warning again. Surprisingly Oliver reacts to my comment in a second post. All I can say is that he doesn't like the "just in time warning" solution. 🙂
Before this post I was convinced that there will be two ways to publish an Air application. The one that only uses network access (with subtleties regarding a dedicated folder for each application, SQLite and a Shared Object) and the other that uses full file system access and could possibly pushes data to the internet but warn the user that it will.
I love Air, I love Flash desktop applications since a long time, I'm their first fan, but letting Air freely access the user file system is a good thing but also the worst argument against it. What differentiates Air from SWFStudio, mProjector or any other Flash desktop application is the badge and the ability to continue to run an application from the web to the desktop. It's what attracted me first with Air. Air sells the ability to continue to use the web on the desktop. By doing this it tells the user that it is as secure as the web on the desktop, we must respect this.
I think there is no need to warn the user if there is no risk. If Air need to access the file system we must warn them, but please do not tell that installing an Air application is a risk for them whatever they do. Most of applications will not need file system access (other than SQlite, dedicated folder or Shared Object), if they will, the message will be shown without penalizing applications that do not access the file system.
--- sorry, this post is not clear at all, I must add the following content to clarify what it wants to say ---
I agree with Oliver, warn the user at the installation of an "unrestricted" application is mandatory. And if we already have warn them we must not display any warning messages anymore in the application. My solution would have been valid only during the period when we cannot publish "restricted" application.
But I'm not convinced that users will continue to have "security risk" and "unknown publisher" warnings, even in "restricted" mode. The real problem emerging under that choice is "Air could or couldn't be as secure as a web browser in restricted mode" and Adobe could or couldn't delete those warnings in "restricted" mode.