Applications within a social application container do not automatically have access to a user’s social profiles, activity streams, and friendships—that would be a major security concern. Containers usually require that the application define the permission scopes it needs access to. As shown in Figure 1-8, these scopes will be requests that a user must agree to when installing the application.
Each container may define different scopes or even include a number of nonsocial scopes that a container may gain access to. Once the user accepts the scopes, the container can do things on his behalf. For the three aforementioned social scopes, these things may respectively include:
Allowing the application to capture all information within the user’s profile.
Allowing the application to obtain any activities in the user’s activity stream and to push new activities to this stream on the user’s behalf.
Allowing the application to obtain the profiles for all of the user’s friends. Although those friends have not necessarily added the application, once a user declares that someone is his friend, it establishes a trust relationship, and applications capitalize on this. Essentially, the user trusts that friend with his personal information. When that friend in turn trusts an application with her information, there exists a trust “bridge” between the application and the friends. Some containers impose restrictions on how much social information can be obtained with these predefined trust relationships.