Confirmed users
717
edits
WebAPI/Security/Vibration: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "Name of API: Vibration Reference: http://dev.w3.org/2009/dap/vibration/ Brief purpose of API: Let content activate the vibration motor Inherent threats: Obnoxious if mis-used, ...") |
No edit summary |
||
| Line 5: | Line 5: | ||
Inherent threats: Obnoxious if mis-used, consume extra battery | Inherent threats: Obnoxious if mis-used, consume extra battery | ||
Threat severity: low | Threat severity: low | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: Vibrate when hit in a game | Use cases for unauthenticated code: Vibrate when hit in a game | ||
Authorization model for uninstalled web content: Implicit | Authorization model for uninstalled web content: Implicit | ||
Authorization model for installed web content: Implicit | Authorization model for installed web content: Implicit | ||
Potential mitigations: Limit how long vibrations can run. Only foreground content can trigger vibration. | Potential mitigations: Limit how long vibrations can run. Only foreground content can trigger vibration. | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code:[Same] | Use cases for authenticated code:[Same] | ||
Authorization model: Implicit | Authorization model: Implicit | ||
Potential mitigations: | Potential mitigations: | ||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases for certified code: | Use cases for certified code: | ||
Authorization model: Implicit | Authorization model: Implicit | ||
Potential mitigations: | Potential mitigations: | ||
Notes: This API may be implicitly granted. User can deny from Permission Manager to over-ride an abusive app. | Notes: This API may be implicitly granted. User can deny from Permission Manager to over-ride an abusive app. | ||
Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content. | Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content. | ||