WebAPI/Security/Battery: Difference between revisions

From MozillaWiki
No edit summary
No edit summary
 
(4 intermediate revisions by one other user not shown)
Line 1: Line 1:
Name of API: Battery API
== Battery API ==
 
General Use Cases: Adjust app behavior based upon power status


Reference:  
Reference:  
Line 6: Line 8:
*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion
*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion


Note from spec:
Note from the W3C spec:
  The API defined in this specification is used to determine the battery
  The API defined in this specification is used to determine the battery
  status of the hosting device. The information disclosed has minimal
  status of the hosting device. The information disclosed has minimal
Line 12: Line 14:
  permission grants. For example, authors cannot directly know if there is
  permission grants. For example, authors cannot directly know if there is
  a battery or not in the hosting device.
  a battery or not in the hosting device.
Brief purpose of API:
General Use Cases: Adjust app behavior based upon power status


Inherent threats: Fingerprinting, abuse of battery?
Inherent threats: Fingerprinting, abuse of battery?
Line 21: Line 19:
Threat severity: Low
Threat severity: Low


== Regular web content (unauthenticated) ==
{| border="1" class="wikitable"
Use cases: Same
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || Same as general || Unrestricted ||
|-
| Installed Web Apps || Same as general || Unrestricted ||
|-
| Privileged Web Apps || Same as general || Unrestricted ||
|-
| Certified Web Apps || Same as general || Unrestricted ||
|}


Authorization model for normal content: Implicit


Authorization model for installed content: Implicit
__NOTOC__
 
Potential mitigations: None


== Privileged (approved by app store) ==
[[Category:Web APIs]]
Use cases: Same
[[Category:Security]]
 
Authorization mode: Implicit
 
Potential mitigations: None
 
== Certified (system-critical apps) ==
Use cases: Same
 
Authorization model: Implicit
 
Potential mitigations: None
 
== Notes ==
Should have a setting to disable this in privacy settings
 
__NOTOC__
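Review bot: The removed "== Notes ==" entry ("Should have a setting to disable this in privacy settings") has no counterpart in the new table, where the "Notes & Other Controls" cell is empty in all four rows and the three "Potential mitigations: None" lines are dropped as well. "Inherent threats" still lists fingerprinting, so consider carrying the privacy-setting note into the "Notes & Other Controls" column, or stating there that no control is planned, so that the move from "Implicit" to "Unrestricted" does not silently lose the one control the earlier revision proposed.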

Latest revision as of 23:40, 1 October 2014

Battery API

General Use Cases: Adjust app behavior based upon power status

Reference:

Note from the W3C spec:

The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without  
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.

Inherent threats: Fingerprinting, abuse of battery?

Threat severity: Low

{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || Same as general || Unrestricted ||
|-
| Installed Web Apps || Same as general || Unrestricted ||
|-
| Privileged Web Apps || Same as general || Unrestricted ||
|-
| Certified Web Apps || Same as general || Unrestricted ||
|}