Privacy/Reviews/AndroidSystemStorage: Difference between revisions

→‎User Data Risk Minimization: proofreading and added dissemination risk
Line 162: Line 162:
= User Data Risk Minimization =
= User Data Risk Minimization =


In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
In this section, areas of user data risk are identified and recommendations made for minimizing the risk.


== User History/Bookmarks/etc. ==
== Accidental Dissemination of User Data ==


''The Risk'' is the possibility of syncing user data to Google unexpectedly or undesirably to the user, via storing bookmarks, history, etc in the Android system store
''The Risk'' is the possibility of syncing user data to Google unexpectedly or undesirably to the user, via storing bookmarks, history, etc in the Android system store


''Requirement:'' There must be explicit messaging that users may need to take action to opt out of having their Firefox for Android data synced to Google (if they have their phone configured to sync data to Google, which many users will - the change to using system storage and its implications must be communicated loudly and clearly to avoid user surprise  
''Requirement:'' There must be explicit messaging that users may need to take action to opt out of having their Firefox for Android data synced to Google. (If they have their phone configured to sync data to Google, which many users will - the change to using system storage and its implications must be communicated loudly and clearly to avoid user surprise).


''Recommendation:'' Option to store data apart from the global store.  That is, do not use the global system services to store history, bookmarks, and passwords.  But instead, hide them from the rest of the phone and discourage data sharing on the device. Have this separate data store be the default storage for Firefox for Android and have users opt in to using system storage
''Recommendation:'' Provide an option to store data separate from the globally accessed store.  When enabled, this feature would not use the global system services to store history, bookmarks, and passwords but instead hide them from the rest of the phone and discourage cross-app data sharing on the device. Consider this separate data store as the default storage for Firefox for Android and have users opt in to using system storage.
 
{{ResolutionBox|{{new|}}}}
 
== Update and Profile Data Migration ==
 
''The Risk'' is that when users are updated to the new version from a version of Firefox that did not use the system storage service, their data will be copied unintuitively into the shared system databases without the user's knowledge or consent.
 
''Requirement:'' Any migration of data must be explicitly authorized by the user via consent dialog. ("Would you like to transfer your sync bookmarks into the system DB?  If you do this, X and Y will happen.  [Yes] [No]")
 
''Recommendation:'' Migration should not happen automatically.  Updating to the new version of Firefox should create a clean profile.  Consider offering users a way to pull in their data from Sync, giving information about the potential side-effects of doing this in whatever disclosure explains how to do it.
 
{{ResolutionBox|{{new|Confirm this: when users update Firefox, it does not migrate the data (starting with a clean profile)}}}}


= Alignment with Privacy Operating Principles =
= Alignment with Privacy Operating Principles =
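
Review bot: In the revised ''Recommendation'' under "Accidental Dissemination of User Data", the wording "Consider this separate data store as the default storage" weakens the earlier "Have this separate data store be the default storage". That is a change of substance in an edit summarized as proofreading, so either keep the original strength or call out the softened default in the edit summary. The revised ''Requirement'' parenthetical is also still a fragment ("If they have their phone configured to sync data to Google, which many users will - the change ... must be communicated"), and splitting it into a conditional sentence and a separate sentence about communicating the change would fix it. In the new "Update and Profile Data Migration" section, the ''Requirement'' permits migration after a consent dialog while the ''Recommendation'' says updating should create a clean profile; a sentence stating how the two relate would prevent them being read as conflicting.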