I would like to certify a smartapp based on some rules. As all we know, given device capabilities and inputs at installation time. A developer is free to develop any logic in the app and in some cases an adversary can inject some code to change the logic of an app.
Therefore, my question is that: Can we declare a set of rules that shows the dangerous or unwanted behavior of an app? For instance, “no app should have this rule when presence sensor is inactive open my door” or another rule “no app should get my location and send SMS message or PUT request (as an app can exfiltrate my location).”
What do you think? Can we extend this list to have more secure apps?