Privacy/Reviews/AndroidSystemStorage: Difference between revisions
Revision as of 21:57, 3 November 2011
Document Overview
| Feature/Product: | Use System Storage on Android |
| Projected Feature Freeze Date: | Q4 2011 |
| Product Champions: | Doug Turner |
| Privacy Champions: | Sid Stamm, Ian Melven |
| Security Contact: | Curtis Koenig |
| Document State: | [NEW] |
Timeline:
| Architectural Overview: | 2-Nov-2011 |
| Recommendation Meeting: | (date TBD) |
| Review Complete ETA: | tbd |
Architecture
In this section, the product's architecture is described. Any individual components or actors are identified, their "knowledge" or what data they store is identified, and data flow between components and external entities is described.
The main objective of this feature/product is: to use the Android System database for storing sync data (bookmarks, history, form data, etc). This allows users to keep their data portable to all apps on the phone.
Design Documents: TODO: Link to any design or architectural documents or bugs here.
Components
There are three major parts to this system: the Sync Service, Firefox Mobile, and the Android System Storage.
Firefox Mobile
This component is the mobile browser application on Android. It is a sync client, and with this new feature, it will also be a Google sync client.
Stored Data:
The data stored in the browser will be kept in the Android Operating System's system storage. These databases are automatically accessible by the system default browser (and other apps) and synchronized with the phone owner's Google account.
| What | Where |
|---|---|
| bookmarks, history, passwords, form fill data | in memory (decrypted/recorded), temporarily. |
Communication with Sync Service
Firefox Mobile communicates with sync services as a sync client. The information it transmits is encrypted before transmission and the decryption key is not available to the Sync Service.
For details see http://docs.services.mozilla.com/storage/apis-1.1.html#apis -- this review documents only the bits of the API involved with storage of data in Android System Storage.
| Direction | Message | Data | Notes |
|---|---|---|---|
| In: | return from GET /storage/collection/id | encrypted sync object (bookmark, history item, form data, password, etc) | |
| In: | return from GET /storage/collection | metadata about the user's data objects on the server | |
| Out: | GET /storage/collection/id | sync object identifier (unique object ID) | |
| Out: | GET /storage/collection | optional parameters for filtering the query | (see the API) |
Communication with Android System Storage
Android System Storage is used as a database for keeping various bits of browser data. It is a common database used by multiple applications.
| Direction | Message | Data | Notes |
|---|---|---|---|
| In: | getData | browser data object | (bookmark, history item, form data, password, etc) |
| Out: | storeData | browser data object | (bookmark, history item, form data, password, etc) |
Sync Service (external)
This (external) component provides synchronization services for Firefox. The data on the server is kept encrypted, and synchronized with Firefox on mobile and desktop. For the purpose of this review, this Sync Service is a data provider for Firefox Mobile.
Stored Data:
The data stored in the Sync Service are all encrypted with a key that is not available to the service (it is kept on the clients).
| What | Where |
|---|---|
| bookmarks, history, passwords, form fill data | Mozilla sync server |
Communication with Firefox Mobile
(See above section on Firefox Mobile for details of communication)
Android System Storage (external)
The Android System Storage is a common database in the Android OS. All apps given access to this storage have the ability to read/write things like browser history and bookmarks. Firefox on Android will use this storage service to keep in sync with the default browser on the device (as well as any other apps that consume or create this data).
Stored Data:
There is a lot of data in this (third-party) system, but for our purposes it will be storing browser data. This data is automatically accessible by the system default browser (and other apps) and synchronized with the phone owner's Google account.
| What | Where |
|---|---|
| bookmarks, history, passwords, form fill data | On device, potentially synced to the cloud via the Google account and other apps. |
Communication with Firefox Mobile
(See above Firefox Mobile section for details)
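As an added illustration (not Mozilla's code, and not the Sync 1.1 record format), the following Python models the three components described above as one data flow, to show where a bookmark is ciphertext (Sync Service, which never holds the key) and where it becomes plaintext that any other app with access to the shared database can read (Android System Storage). The class and function names, the toy XOR cipher and the sample bookmark are constructed for this example.

```python
import hashlib, hmac, json

def toy_xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with an HMAC-SHA256 keystream; symmetric, so the same call decrypts.
    Illustration only: stands in for 'encrypted with a client-held key'."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[i * 32:(i + 1) * 32], ks))
    return bytes(out)

class SyncService:
    """Mozilla sync server as modelled in the review: stores ciphertext only."""
    def __init__(self): self.collections = {}
    def put(self, collection, obj_id, ciphertext):
        self.collections.setdefault(collection, {})[obj_id] = ciphertext
    def list_ids(self, collection):            # GET /storage/collection
        return sorted(self.collections.get(collection, {}))
    def get(self, collection, obj_id):         # GET /storage/collection/id
        return self.collections[collection][obj_id]

class AndroidSystemStorage:
    """Shared on-device database: every app granted access reads the same rows."""
    def __init__(self): self.rows = []
    def storeData(self, record): self.rows.append(dict(record))
    def getData(self): return [dict(r) for r in self.rows]

class FirefoxMobile:
    """Sync client: holds the key the Sync Service never sees."""
    def __init__(self, sync_key, service, storage):
        self.key, self.service, self.storage = sync_key, service, storage
    def upload(self, collection, obj_id, record):
        plain = json.dumps(record).encode()
        self.service.put(collection, obj_id, toy_xor_cipher(self.key, obj_id.encode(), plain))
    def pull_into_system_storage(self, collection):
        for obj_id in self.service.list_ids(collection):
            plain = toy_xor_cipher(self.key, obj_id.encode(), self.service.get(collection, obj_id))
            self.storage.storeData(json.loads(plain))  # plaintext leaves Firefox here

def run_flow():
    """Constructed sample: one bookmark round-trips through the three components."""
    service, storage = SyncService(), AndroidSystemStorage()
    firefox = FirefoxMobile(b"constructed-sync-key", service, storage)
    firefox.upload("bookmarks", "bm1", {"title": "Example", "url": "https://example.org/"})
    firefox.pull_into_system_storage("bookmarks")
    # what the server holds vs. what any other permitted app can read on the device
    return service.get("bookmarks", "bm1"), storage.getData()
```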
User Data Risk Minimization
In this section, the privacy champion will identify areas of user data risk and recommendations for minimizing the risk.
Alignment with Privacy Operating Principles
In this section, the privacy champion will identify how the feature lines up with Mozilla's privacy operating principles.
See Also: Privacy/Roadmap_2011#Operating_Principles:
Principle: Transparency / No Surprises
(How the feature addresses this)
Recommendations: (what can be improved)
Principle: Real Choice
Recommendations:
Principle: Sensible Defaults
Recommendations:
Principle: Limited Data
Recommendations:
Follow-up Tasks and tracking
| What | Who | Bug | Details |
|---|---|---|---|
| [NEW] Initial Overview Discussion | ? | | Meeting time TBD |