WebAPI/Security/Vibration

From MozillaWiki
< WebAPI‎ | Security
Revision as of 21:16, 6 August 2012 by Ladamski (talk | contribs)
Jump to navigation Jump to search

Name of API: Vibration

Reference: http://dev.w3.org/2009/dap/vibration/

Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#

Brief purpose of API: Let content activate the vibration motor

Inherent threats: Obnoxious if mis-used, consume extra battery

Threat severity: low

Regular web content (unauthenticated)

Use cases for unauthenticated code: Vibrate when hit in a game

Authorization model for uninstalled web content: Implicit

Authorization model for installed web content: Implicit

Potential mitigations: Limit how long vibrations can run. Only foreground content can trigger vibration.

Privileged (approved by app store)

Use cases for privileged code: [Same]

Authorization model: Implicit

Potential mitigations:

Certified (system-critical apps)

Use cases for certified code: [Same]

Authorization model: Implicit

Potential mitigations:

Notes

This API may be implicitly granted. User can deny from Permission Manager to over-ride an abusive app. Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.


Retrieved from "https://wiki.mozilla.org/index.php?title=WebAPI/Security/Vibration&oldid=458285"