I'm concerned about the behaviour of how plugins send data to other devices (PC or mobile).
In using KDE Connect to send files and URLs from my phone to a PC, the default behaviour is to accept all and open URLs immediately, with no alternative configuration. This means that KDE Connect "share" can be used to send either a malicious URL or files to a computer without a user knowing about. The URL would be instantly opened and the receiving device could then be infected with further malware or compromised in other ways.
I tried to change this behaviour by adding a notification function into the "share" plugin... but then ended up with errors on my build. [Apparently include "KNotification" doesn't work for the "share" plugin]. However, in thinking about this, shouldn't we have a unified kdeconnect notification sub-system, which allows for any plugin to create a notification in the KDE Connect system tray?
This notification sub-system could also then be a way of ensuring default "sane" security behaviours from plugins. For instance, that plugins first create a notification with some interactive "button" before something is done with the data that is sent. An example would be: I share a URL to a device, a notification pops up with a dismiss button and an "open URL" button. The same would apply to Files, and the Clipboard.
At the moment, it seems each plugin will require its own notification code, which would result in additional work, a lack of code reuse, but most importantly, a major security flaw that could see KDE Connect used to distribute malicious code to other devices.
**I'm very new to Qt coding and don't understand enough about it to do this. I'm willing to learn though and contribute as best I can.