WebAPI/Security/OpenWebApp

From MozillaWiki

Name of API: Open Web App API

Reference:

Brief purpose of API: The Open Web Apps JavaScript API is a programmatic interface for installing Web apps and for managing a client-side collection of Web apps that a user has installed.

General Use Cases:

  • Install an app - navigator.mozApps.install(url, [install_data])
  • A web page can check if it is installed - navigator.mozApps.getSelf()
  • Return the list of apps that were installed from this domain - navigator.mozApps.getInstalled()

Inherent threats:

  • Installation grants the app some minor additional privileges
  • A page being able to install an app hosted on another domain introduces risks
  • Privacy (the list of installed apps can be used to identify or fingerprint a user)

Threat severity: Low for Installation API, High for Management API

Regular web content (unauthenticated)

Use cases for unauthenticated code: Just the general cases as above.

Authorization model for normal content: Explicit for install (OS Mediated), Implicit for check status

Authorization model for installed content: Explicit for install (OS Mediated), Implicit for check status

Potential mitigations: getInstalled() only returns apps that were installed from the current domain, so a site cannot enumerate apps installed by other sites

Privileged (approved by app store)

Use cases for privileged code:

  • A "dashboard" can manage and launch apps on the user's behalf
  • A "dashboard" can monitor the state of logged-in applications

Authorization model:

  • Explicit for Install, Launch and Remove Apps (OS Mediated)
  • Implicit for non-state-changing operations (an app querying its own state)

Potential mitigations:

  • uninstall() is a method of the application object itself. Since you can only get apps that you installed (using getInstalled()) or yourself (using getSelf()), this mitigates the risks. [Fabrice] I don't think that a user expects one app to be able to silently uninstall another app just because it initiated the install in the first place. [Lucas]

Certified (system-critical apps)

Use cases for certified code: Same as privileged

Authorization model: Implicit

Potential mitigations:

  • Only certified apps can use mgmt.getAll() to see cross-stores installs. [Fabrice]
  • Warn when downloading large updates over cellular
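The following model, added here as an example and not Mozilla's own implementation, ties together the authorization rules this page describes: install() requires explicit, OS-mediated consent; getSelf() only returns the app whose origin is the caller's; getInstalled() only returns apps installed from the caller's origin (the privacy mitigation above); uninstall() lives on the app object, so a page can only remove apps it can reach through those two calls; and mgmt.getAll() is refused unless the caller is certified. The class and origin names (AppRegistry, store-a.example, site-b.example, app-x.example) are invented, results are returned directly rather than through the real API's DOMRequest objects, and the OS consent prompt is stood in for by a callback.

```javascript
// Model of the Open Web Apps registry authorization rules (added example,
// not Mozilla's code). Synchronous returns replace DOMRequest; the OS
// consent prompt is modelled as a `consent` callback (assumption).

function originOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.host}`;
}

class AppRegistry {
  constructor() {
    this.apps = [];   // installed app records
    this.nextId = 1;
  }

  // Object handed back to content. uninstall() is a method on the app object,
  // so only a caller that can obtain the object via getSelf()/getInstalled()
  // can remove the app.
  _expose(record) {
    const registry = this;
    return {
      manifestURL: record.manifestURL,
      origin: record.origin,
      installOrigin: record.installOrigin,
      uninstall() {
        registry.apps = registry.apps.filter((r) => r.id !== record.id);
        return true;
      },
    };
  }

  // install(url): explicit, OS-mediated. Without a consent callback that
  // returns true, the install is refused (no silent installs from content).
  install(callerOrigin, manifestURL, consent) {
    if (typeof consent !== 'function' || !consent(manifestURL)) {
      throw new Error('DENIED: installation requires explicit user consent');
    }
    const record = {
      id: this.nextId++,
      manifestURL,
      origin: originOf(manifestURL),  // the app's own origin
      installOrigin: callerOrigin,    // the page that initiated the install
    };
    this.apps.push(record);
    return this._expose(record);
  }

  // getSelf(): only the app whose origin matches the calling page.
  getSelf(callerOrigin) {
    const r = this.apps.find((a) => a.origin === callerOrigin);
    return r ? this._expose(r) : null;
  }

  // getInstalled(): only apps installed from the caller's origin, so other
  // sites cannot enumerate what the user has installed.
  getInstalled(callerOrigin) {
    return this.apps
      .filter((a) => a.installOrigin === callerOrigin)
      .map((a) => this._expose(a));
  }

  // mgmt.getAll(): cross-store enumeration, certified apps only.
  mgmtGetAll(caller) {
    if (caller.level !== 'certified') {
      throw new Error('DENIED: mgmt.getAll requires a certified app');
    }
    return this.apps.map((a) => this._expose(a));
  }
}

// Constructed scenario: a store at store-a installs an app hosted on app-x;
// an unrelated site at site-b then tries to see and remove it.
function scenario() {
  const reg = new AppRegistry();
  const userAccepts = () => true;
  const storeA = 'https://store-a.example';
  const siteB = 'https://site-b.example';
  const appX = 'https://app-x.example';
  const manifest = `${appX}/manifest.webapp`;

  let silentInstall = 'allowed';
  try { reg.install(siteB, manifest); } catch (e) { silentInstall = 'denied'; }

  const app = reg.install(storeA, manifest, userAccepts);

  let mgmtFromPrivileged = 'allowed';
  try { reg.mgmtGetAll({ level: 'privileged' }); } catch (e) { mgmtFromPrivileged = 'denied'; }

  return {
    silentInstall,                                // 'denied'
    storeASees: reg.getInstalled(storeA).length,  // 1: it initiated the install
    siteBSees: reg.getInstalled(siteB).length,    // 0: not its install
    appXSelf: reg.getSelf(appX) !== null,         // true: the app can check itself
    siteBSelf: reg.getSelf(siteB),                // null
    mgmtFromPrivileged,                           // 'denied'
    mgmtFromCertified: reg.mgmtGetAll({ level: 'certified' }).length, // 1
    // The installing origin still holds the app object and can uninstall it;
    // that retained power is the concern Lucas raises above.
    uninstalledByInstaller: app.uninstall() && reg.getInstalled(storeA).length === 0,
  };
}

console.log(scenario());
```

Note the two different origins tracked per app: getSelf() matches on the app's own origin (where the manifest lives), while getInstalled() matches on the origin of the page that called install(), which is why a store sees what it installed but an app sees itself even if it did not install itself.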