WebAPI/Security/Battery: Difference between revisions

From MozillaWiki
No edit summary
No edit summary
 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Battery API
== Battery API ==
 
General Use Cases: Adjust app behavior based upon power status


Reference:  
Reference:  
*https://bugzilla.mozilla.org/show_bug.cgi?id=678694
*https://bugzilla.mozilla.org/show_bug.cgi?id=678694
*http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
*http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion


Note from spec:<br>
Note from the W3C spec:
The API defined in this specification is used to determine the battery
The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without   
impact on privacy or fingerprinting, and therefore is exposed without   
permission grants. For example, authors cannot directly know if there is
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.
a battery or not in the hosting device.
 
Brief purpose of API:
 
General Use Cases: Adjust app behavior based upon power status


Inherent threats: Fingerprinting, abuse of battery?
Inherent threats: Fingerprinting, abuse of battery?
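Review bot: "Inherent threats: Fingerprinting, abuse of battery?" still ends in a question mark, and it sits next to the quoted spec note saying the disclosed information has minimal impact on privacy or fingerprinting. Suggest resolving the question in this revision by stating whether fingerprinting is treated as a threat here or dismissed per the spec note, so that the "Threat severity: Low" line that follows has a stated basis.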
Line 20: Line 19:
Threat severity: Low
Threat severity: Low


== Regular web content (unauthenticated) ==
{| border="1" class="wikitable"
Use cases: Same
! Type
 
! Use Cases
Authorization model for normal content: Implicit
! Authorization Model
 
! Notes & Other Controls
Authorization model for installed content: Implicit
|-
 
| Web Content || Same as general || Unrestricted ||
Potential mitigations: None
|-
 
| Installed Web Apps || Same as general || Unrestricted ||
== Trusted (authenticated by publisher) ==
|-
Use cases: Same
| Privileged Web Apps || Same as general || Unrestricted ||
 
|-
Authorization mode: Implicit
| Certified Web Apps || Same as general || Unrestricted ||
 
|}
Potential mitigations: None
 
== Certified (vouched for by trusted 3rd party) ==
Use cases: Same


Authorization model: Implicit


Potential mitigations: None
__NOTOC__


Note: Should have a setting to disable this in privacy settings
[[Category:Web APIs]]
[[Category:Security]]
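Review bot: The line "Note: Should have a setting to disable this in privacy settings" does not survive into the latest revision, and the new table leaves the "Notes & Other Controls" cell empty in all four rows. If the privacy-settings toggle is still wanted, carry it into that column. The "Potential mitigations: None" entries could go there too, so the table records that no mitigation is planned rather than leaving it unstated.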

Latest revision as of 23:40, 1 October 2014

Battery API

General Use Cases: Adjust app behavior based upon power status

Reference:

Note from the W3C spec:

The API defined in this specification is used to determine the battery
status of the hosting device. The information disclosed has minimal
impact on privacy or fingerprinting, and therefore is exposed without  
permission grants. For example, authors cannot directly know if there is
a battery or not in the hosting device.

Inherent threats: Fingerprinting, abuse of battery?

Threat severity: Low

{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || Same as general || Unrestricted ||
|-
| Installed Web Apps || Same as general || Unrestricted ||
|-
| Privileged Web Apps || Same as general || Unrestricted ||
|-
| Certified Web Apps || Same as general || Unrestricted ||
|}