Security/Reviews/WebAPI/WebSMS

From MozillaWiki
Items to be reviewed

Introduce Feature (5-10 minutes) [can be answered ahead of time to save meeting time]

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

Allowing the Web Platform to send, receive, read and delete SMS messages on a phone (fully implemented for Android and partially for B2G).
The main use case is an SMS application like the stock messaging app you can find on your smartphone.

API-draft link: https://wiki.mozilla.org/WebAPI/WebSMS

What solutions/approaches were considered other than the proposed solution?

WebSMS has always been the considered approach. The API has changed over time, but not significantly.

Why was this solution chosen?

N/A

Any security threats already considered in the design and why?

WebAPIs in general need a security model. WebSMS is one of the most sensitive APIs because it can access private data, delete private data, prevent you from reading private data, and send random messages to random people, which might cost users money and trouble.
For the moment, there is no security model for WebAPIs, so WebSMS comes with its own: navigator.mozSms returns null if the |window| is not allowed to use the WebSMS API. To be allowed access, the API has to be enabled in about:config (dom.sms.enabled has to be true) and the website's prepath has to be whitelisted in the comma-separated list in dom.sms.whitelist (file:// enables local files). By default these two options are false and the empty string respectively, except on B2G, where they are true and "file://,http://localhost:7777", which basically allows SMS for all pre-installed apps.
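
The gate described above can be modelled as follows. This is an added example, not Gecko's implementation; the function names (prePath, parseWhitelist, isSmsAllowed, mozSmsFor) and the sample URLs are hypothetical, and the model assumes a prepath is scheme plus host and port with userinfo ignored.

```javascript
// Simplified model of the WebSMS gate: a pref switch plus a prepath whitelist.
// Not Gecko code; all function names here are hypothetical.

// Default pref values as stated on this page.
const DESKTOP_DEFAULTS = { "dom.sms.enabled": false, "dom.sms.whitelist": "" };
const B2G_DEFAULTS = {
  "dom.sms.enabled": true,
  "dom.sms.whitelist": "file://,http://localhost:7777",
};

// Prepath = scheme + "://" + host[:port], without path, query or fragment.
// Assumption: userinfo is ignored in this model.
function prePath(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.host}`;
}

// Split the comma-separated pref and drop empty entries, so the default
// empty string yields an empty list rather than a list holding "".
function parseWhitelist(pref) {
  return pref.split(",").filter((entry) => entry.length > 0);
}

// True when the page at windowUrl would be allowed to use the API.
function isSmsAllowed(prefs, windowUrl) {
  // Both conditions must hold; the pref switch is checked first.
  if (prefs["dom.sms.enabled"] !== true) return false;
  let candidate;
  try {
    candidate = prePath(windowUrl);
  } catch (e) {
    return false; // unparsable URL: fail closed
  }
  // Whole-prepath equality against each whitelist entry.
  return parseWhitelist(prefs["dom.sms.whitelist"]).includes(candidate);
}

// What navigator.mozSms evaluates to in this model: an object or null.
function mozSmsFor(prefs, windowUrl) {
  return isSmsAllowed(prefs, windowUrl) ? { allowed: true } : null;
}
```

With the B2G defaults, only file:// documents and pages served from http://localhost:7777 receive a non-null object; with the other defaults, nothing does.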

It is worth noting that this API can be a very attractive target to malicious developers because you can make money by making the user send text messages to pay-for numbers.

In addition, on Android, Mozilla does not release a Firefox version that requests Android SMS privileges, which means that even if the about:config options are enabled, it is technically not possible to do anything with WebSMS without recompiling Firefox with the correct build options.

Threat Brainstorming (30-40 minutes)

Conclusions / Action Items (10-20 minutes)