WebAPI/Security/Vibration
Jump to navigation
Jump to search
Vibration
Brief purpose of API: Let content activate the vibration motor.
General use cases: Vibrate when hit in a game,
Reference: http://dev.w3.org/2009/dap/vibration/
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#
Inherent threats: Obnoxious if abused, consume extra battery.
Threat severity: low
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Installed Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Privileged Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Certified Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
Notes
This API may be implicitly granted. User can deny from Permission Manager to override an abusive app. Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.