PolicyKit should allow application to describe, why it needs certain privileges
and consult this with community.

Some applications in Android shown messages, which try clarify why it needs
privileges. Why not integrate this mechanism into PolicyKit. Most people trust
more application, when it show this kind of message without thinking if it does
really do this task and need this privileges.

We could solve this social engineering attacks by:
1. Allowing application to describe problem - description should be shown on
PolicyKit agent.
2.Gather executable information, like hash, app name, etc.
3 Add button search in web database - PoliKit should search for gathered
information and message
4. When user click on search in database and no result, add button consult on
web forum - gathered information + message should be pasted on web forum

Step 2: if software is malicious, PolicyKit agent would show warning
Step 3: we open up web browser. User could consult and perform task again

Why this way to attack? There is no way to generate many good looking
description of problem. Attackers could write human-readable message, but in
most cases do not have enough human resources to write messages in many
languages and each with proper grammar. Also, user would be alerted, when we
try to install font and PolicKit agent show something like that shown:

Software Arial font installer requires UDisk 2 to take action: form /dev/sda1
into btrfs. Reason is: We need to install font.

Sounds good, huh?
Yes, attackers use social engineering to attack. He/She must found solution to
asks user to give permission and showing reason message will increase security,
in some cases.