WebAPI/Security/Battery: Difference between revisions
Ptheriault (talk | contribs) No edit summary |
| Line 1: | Line 1: | ||
== Battery API === | |||
General Use Cases: Adjust app behavior based upon power status | |||
Reference: | Reference: | ||
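Review bot: The new heading line `== Battery API ===` has two equals signs before the title and three after it, so it renders with a stray trailing "=". Balance the markers as `== Battery API ==`, which also matches the existing `== Regular web content (unauthenticated) ==` heading.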
| Line 6: | Line 8: | ||
*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion | *https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion | ||
Note from spec: | Note from the W3C spec: | ||
The API defined in this specification is used to determine the battery | The API defined in this specification is used to determine the battery | ||
status of the hosting device. The information disclosed has minimal | status of the hosting device. The information disclosed has minimal | ||
| Line 12: | Line 14: | ||
permission grants. For example, authors cannot directly know if there is | permission grants. For example, authors cannot directly know if there is | ||
a battery or not in the hosting device. | a battery or not in the hosting device. | ||
Inherent threats: Fingerprinting, abuse of battery? | |||
Threat severity: Low | |||
{| border="1" class="wikitable" | |||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
! Notes & Other Controls | |||
|- | |||
| Web Content || None || No access | |||
|- | |||
| Installed Web Apps || None || No access | |||
|- | |||
| Privileged Web Apps || None || No access | |||
|- | |||
| Certified Web Apps || Notify an app if the user is idle. || Implicit | |||
|} | |||
Brief purpose of API: | Brief purpose of API: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
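Review bot: In the Certified Web Apps row of the added table, the use case "Notify an app if the user is idle." describes idle notification, not battery status, and does not match the "General Use Cases: Adjust app behavior based upon power status" line added at the top of this revision. Replace it with the battery use case, or "Same" as the per-type sections use. That row also has three cells under four headers, so add the empty Notes cell. The first three rows give "No access" as the authorization model, while the sections kept below the table list "Implicit" for normal, installed and privileged content, so state which of the two is intended.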
Revision as of 03:33, 24 September 2012
Battery API
General Use Cases: Adjust app behavior based upon power status
Reference:
- https://bugzilla.mozilla.org/show_bug.cgi?id=678694
- http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
- https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion
Note from the W3C spec:
The API defined in this specification is used to determine the battery status of the hosting device. The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants. For example, authors cannot directly know if there is a battery or not in the hosting device.
Inherent threats: Fingerprinting, abuse of battery?
Threat severity: Low
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | None | No access | |
| Installed Web Apps | None | No access | |
| Privileged Web Apps | None | No access | |
| Certified Web Apps | Notify an app if the user is idle. | Implicit | |
Brief purpose of API:
Regular web content (unauthenticated)
Use cases: Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
Privileged (approved by app store)
Use cases: Same
Authorization model: Implicit
Potential mitigations: None
Certified (system-critical apps)
Use cases: Same
Authorization model: Implicit
Potential mitigations: None
Notes
Should have a setting to disable this in privacy settings