WebAPI/Security/Battery
Jump to navigation
Jump to search
Name of API: Battery API
Reference:
- https://bugzilla.mozilla.org/show_bug.cgi?id=678694
- http://dvcs.w3.org/hg/dap/raw-file/tip/battery/Overview.html
- https://groups.google.com/d/topic/mozilla.dev.webapps/vNhpn299aG0/discussion
Note from spec:
The API defined in this specification is used to determine the battery status of the hosting device. The information disclosed has minimal impact on privacy or fingerprinting, and therefore is exposed without permission grants. For example, authors cannot directly know if there is a battery or not in the hosting device.
Brief purpose of API:
General Use Cases: Adjust app behavior based upon power status
Inherent threats: Fingerprinting, abuse of battery?
Threat severity: Low
Regular web content (unauthenticated)
Use cases: Same
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations: None
Privileged (approved by app store)
Use cases: Same
Authorization mode: Implicit
Potential mitigations: None
Certified (system-critical apps)
Use cases: Same
Authorization model: Implicit
Potential mitigations: None
Notes
Should have a setting to disable this in privacy settings