WebAPI Security Discussion: Background API

Paul Theriault

May 8, 2012, 7:59:58 PM
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
(Please reply-to dev-w...@lists.mozilla.org)

Name of API: Background API
Reference:
http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/3455cb056e40d095

Related:

Brief purpose of API: Provide for applications to request to remain and
run in the background. It is not intended for pure background services.

General Use Cases: Navigation app continuing to run and
provide driving prompts from the background.

Inherent threats: Resource utilization

Threat severity: Low by itself. Could raise the security concerns of
other APIs.

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Streaming radio station wants to
continue to play in the background.
Authorization model for normal content: Implicit
Authorization model for installed content: Implicit
Potential mitigations:

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Implicit
Use cases for trusted code: Implicit
Potential mitigations:

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Implicit
Authorization model: Implicit
Potential mitigations:

Note: This is an API that content can use to request to remain in the
background and not be cleaned up. It could accentuate the security
concerns of other APIs (for example, an app with Camera permission could
be more of a security risk if it can continue recording out of sight of
the user), but it is not a security risk itself. This fact should be noted
in the App Review Policy for reviewers to keep in mind.

Paul Theriault

May 10, 2012, 1:06:17 PM
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, Mozilla B2G mailing list
(Please reply-to dev-w...@lists.mozilla.org)

Name of API: Alarm API
Reference:
https://groups.google.com/d/topic/mozilla.dev.webapi/pkx1uz_pnhQ/discussion

Brief purpose of API:
General Use Cases: Add an alarm (relaunch the app via alarm intent at a
future time)

Inherent threats: Annoyance

Threat severity: Low

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Relaunch the app via an alarm
intent at a future time
Authorization model for normal content: None
Authorization model for installed content: Implicit
Potential mitigations: Should be a way to disable alarm for a given app

== Trusted (authenticated by publisher) ==
Same as for installed untrusted app

== Certified (vouched for by trusted 3rd party) ==
Same as for installed untrusted app
