Anti-spoofing for prompts
Related to #49
The shell displays prompts in the general use area, the same area the applications use. An application is able to change its appearance to make the display look similar to the way as if something brought up the password prompt.
Legit prompt:
My not very carefully spoofed prompt:
This is likely to confuse people and trick them into giving their secrets to a random application.
To fix the confusion, legit prompts should be unmistakeable. For example, they could occupy a reserved part of the display (they kind of do with the keyboard on the very bottom, but it's subtle). Another example: they could use a reserved signal to train the user to not trust anything without it, e.g. the bottom bar turns into the text "THIS IS LEGIT".