WebAPI/Security/Battery: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 4: | Line 4: | ||
*https://bugzilla.mozilla.org/show_bug.cgi?id=678694 | *https://bugzilla.mozilla.org/show_bug.cgi?id=678694 | ||
*http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html | *http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html | ||
*https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion | |||
Note from spec: | Note from spec: | ||
The API defined in this specification is used to determine the battery | The API defined in this specification is used to determine the battery | ||
status of the hosting device. The information disclosed has minimal | status of the hosting device. The information disclosed has minimal | ||
impact on privacy or fingerprinting, and therefore is exposed without | impact on privacy or fingerprinting, and therefore is exposed without | ||
permission grants. For example, authors cannot directly know if there is | permission grants. For example, authors cannot directly know if there is | ||
a battery or not in the hosting device. | a battery or not in the hosting device. | ||
Brief purpose of API: | Brief purpose of API: | ||
| Line 29: | Line 30: | ||
Potential mitigations: None | Potential mitigations: None | ||
== | == Privileged (approved by app store) == | ||
Use cases: Same | Use cases: Same | ||
| Line 36: | Line 37: | ||
Potential mitigations: None | Potential mitigations: None | ||
== Certified ( | == Certified (system-critical apps) == | ||
Use cases: Same | Use cases: Same | ||
| Line 43: | Line 44: | ||
Potential mitigations: None | Potential mitigations: None | ||
== Notes == | |||
Should have a setting to disable this in privacy settings | |||
__NOTOC__ | |||
Revision as of 23:36, 6 August 2012
Name of API: Battery API
Reference:
- https://bugzilla.mozilla.org/show_bug.cgi?id=678694
- http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
- https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion
Note from spec:
The API defined in this specification is used to determine the battery status of the hosting device. The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants. For example, authors cannot directly know if there is a battery or not in the hosting device.
Brief purpose of API:
General Use Cases: Adjust app behavior based upon power status
Inherent threats: Fingerprinting, abuse of battery?
Threat severity: Low
Regular web content (unauthenticated)
Use cases: Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
Privileged (approved by app store)
Use cases: Same
Authorization mode: Implicit
Potential mitigations: None
Certified (system-critical apps)
Use cases: Same
Authorization model: Implicit
Potential mitigations: None
Notes
Should have a setting to disable this in privacy settings