| API |
Action |
Web Content |
Untrusted App |
Trusted App |
Certified App |
Visual Indicator |
Mitigations |
Notes
|
| Geolocation API |
Obtain current location of user |
Explicit (prompt) |
Explicit (prompt) |
Explicit (prompt) |
Implicit |
Yes |
|
|
| IdleAPI |
Detect user inactive |
Explicit (prompt) |
Explicit (prompt) |
Implicit |
Implicit |
No |
Fuzz Idle time to prevent fingerprinting. Enforce minimum time to prevent keystroke inference. |
|
| Battery Status API |
Information about battery charge level and if device is plugged in. |
Implicit |
Implicit |
Implicit |
Implicit |
No |
|
|
| Network Information API |
Get basic information about current network connectivity. |
Implicit |
Implicit |
Implicit |
Implicit |
No |
|
|
| ResourceLock API |
Prevent the screen from being dimmed or switched off |
Implicit |
Implicit |
Implicit |
Implicit |
No |
|
|
| Vibration API |
|
Implicit |
Implicit |
Implicit |
Implicit |
|
Limit how long vibrations can run. Only foreground content can trigger vibration. |
|
| Screen Orientation |
lock screen orientation, detect changes |
Implicit (foreground only) |
Implicit (foreground only) |
Implicit |
Implicit |
No |
Rules regarding fullscreen and iframe ancestors |
|
| WebSMS |
All SMS APIs |
|
|
Explicit (prompt) |
Implicit |
No |
Open question: can trusted app register as a SMS handler. Can\'t replace certified SMS app |
|
| TCP Socket API |
Connect to TCP socket |
|
|
Implicit |
Implicit |
No |
Open question for trusted apps: port/address limitations? Connect only? No listen? |
|
| UDP Datagram Socket API |
Low-level UDP API |
|
|
Implicit |
Implicit |
No |
|
|
| WebTelephony |
All Web Telephony APIs |
|
|
Implicit |
Implicit |
Yes |
Can\'t replace certified dialer |
|
| Alarm API |
Schedule a notification, or for an application to be started, at a specific time. |
|
|
|
Implicit |
No |
|
|
| Background services |
Enable a web application to run in the background and perform tasks like syncing or respond to incoming messages. |
|
|
|
Implicit |
No |
Fuzz Idle time to prevent fingerprinting. Enforce minimum time to prevent keystroke inference. |
|
| Browser API |
Enables implementing a browser completely in web technologies. |
|
|
|
Implicit |
No |
|
|
| Calendar API |
Add/Read/Modify to the device calendar. |
|
|
|
Implicit |
No |
|
|
| Camera API |
This is part of the larger WebRTC effort. This is a big piece of work so see the link. |
|
|
|
Implicit |
No |
|
|
| Contacts API |
Add/Read/Modify the device contacts address book. |
|
|
|
Implicit |
No |
|
|
| Device Capabilities API |
Check if the device has certain capabilities, such as front-facing camera, gps, etc. |
|
|
|
Implicit |
No |
|
|
| Device Storage API |
Add/Read/Modify files stored on a central location on the device. For example the \"pictures\" folder on modern desktop platforms or the photo storage in mobile devices. |
|
|
|
Implicit |
No |
|
|
| HTTP-cache API |
Query what\'s stored in the browsers http-cache. Add/remove entries. Update expiration time. Get data directly from cache. |
|
|
|
Implicit |
No |
|
|
| Keyboard/IME API |
Enables implementing virtual keyboards. |
|
|
|
Implicit |
No |
|
|
| LogAPI |
Allows to register the user activity on the phone. |
|
|
|
Implicit |
No |
|
|
| MobileConnection API |
This exposes information about the current mobile voice and data connection to (certain) HTML content. |
|
|
|
Implicit |
No |
|
|
| PowerManagementAPI |
Turn on/off screen, cpu, device power, etc. Listen and inspect resource lock events. |
|
|
|
Implicit |
No |
|
|
| Push Notifications API |
Allow the platform to send notification messages to specific applications. |
|
|
|
Implicit |
No |
|
|
| Sensor API |
Access to device sensors such as accelerometer, magnetic field (compass), proximity, ambient light etc. |
|
|
|
Implicit |
No |
|
|
| Settings API |
API to configure device settings |
|
|
|
Implicit |
No |
|
|
| Time/Clock API |
Set current time. Timezone will go in the Settings API. |
|
|
|
Implicit |
No |
|
|
| USB file-reading API |
Add/Read/Modify files stored on memory cards and USB keys connected to the device. Get notified when storage devices are connected/disconnected. Will be very similar to the Device Storage API above with a few additional methods. |
|
|
|
Implicit |
No |
|
|
| WebBluetooth |
Low level access to Bluetooth hardware. |
|
|
|
Implicit |
No |
|
|
| WebNFC |
Low level access to NFC hardware. So far focusing on NDEF support. |
|
|
|
Implicit |
No |
|
|
| WebUSB |
Low level access to USB hardware. |
|
|
|
Implicit |
No |
|
|
| WiFi Information API |
Enumerate available WiFi networks, get signal strength and name of currently connected network, etc. |
|
|
|
Implicit |
No |
|
|