In Issue #362, @annevk raised the issue that the "authenticity" of the permission granting step for screen selection is problematic in insecure contexts.

@annevk can you provide any examples where this issue is addressed concretely in other specs/APIs?