WebAPI/Security/Vibration: Difference between revisions

Revision as of 04:16, 24 September 2012

Brief purpose of API: Let content activate the vibration motor. General use cases: Vibrate when hit in a game etc.

Inherent threats: Obnoxious if abused, consume extra battery.

Threat severity: low

Notes:

User can deny from Permission Manager to override an abusive app.
Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.

Type	Use Cases	Authorization Model	Notes & Other Controls
Web Content	As per general use case.	Implicit	Limit how long vibrations can run. Only foreground content can trigger vibration.
Installed Web Apps	As per general use case.	Implicit	Limit how long vibrations can run. Only foreground content can trigger vibration.
Privileged Web Apps	As per general use case.	Implicit	Limit how long vibrations can run. Only foreground content can trigger vibration.
Certified Web Apps	As per general use case.	Implicit	Limit how long vibrations can run. Only foreground content can trigger vibration.

@@ Line 12: / Line 12: @@
 Notes:
-* User can deny from Permission Manager to override an abusive app (not currently implemented).
+* User can deny from Permission Manager to override an abusive app.
 * Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.