WebAPI/Security/WebTelephony: Difference between revisions

no edit summary
(Created page with "Name of API: Web Telephony References: https://wiki.mozilla.org/WebAPI/WebTelephony *B2G Meta telephony bughttps://bugzilla.mozilla.org/show_bug.cgi?id=699235 *Web Telephony meta...")
 
No edit summary
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Name of API: Web Telephony
== WebTelephony ==
References:
https://wiki.mozilla.org/WebAPI/WebTelephony
*B2G Meta telephony bughttps://bugzilla.mozilla.org/show_bug.cgi?id=699235
*Web Telephony meta bug:https://bugzilla.mozilla.org/show_bug.cgi?id=674726


Brief purpose of API: Make and receive phone calls
Brief purpose of API: Make and receive phone calls
Line 18: Line 14:
Threat severity: high to critical, confidential information disclosure and direct financial risk
Threat severity: high to critical, confidential information disclosure and direct financial risk


== Regular web content (unauthenticated) ==
References:
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
*WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony
Authorization model for uninstalled web content: explicit (web activities)
*B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235
Authorization model for installed web content: explicit (web activities)
*Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion
 
== Trusted (authenticated by publisher) ==
Use cases for authenticated code:
* Fun dialers (eg. rotary dialer)
Authorization model: explicit (web activities)
Potential mitigations:
* UI indication (e.g. small blinking phone icon in the top of the screen or status bar) which can not be hidden when a call is active, and user can interact with to manage the call
* We should try to avoid, where possible, giving full telephony API control to an app, just so it can include MyContactList / MyFriendPhoto / MyCoolBackground. Perhaps we should address those use cases through extensibility of our built-in Dialer app. [mhanson]


== Certified (vouched for by trusted 3rd party) ==
{| border="1" class="wikitable"
Use cases for certified code:
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || click on a phone number in an email or browser to dial || No direct access (access via web activities) || When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.
|-
| Installed Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Privileged Web Apps || As Above || No direct access (access via web activities) || As above.
|-
| Certified Web Apps ||
* Handler for telephony web activities
* Handler for telephony web activities
* Replacement dialer
* Replacement dialer
* Voice conference software (e.g. connect Voip with a mobile call)?
* Voice conference software (e.g. connect Voip with a mobile call)?
* Mediate incoming calls (accept/reject/merge)
* Mediate incoming calls (accept/reject/merge)
* Query transceiver state
* Query transceiver state  
Authorization model: implicit
|| Implicit
Potential mitigations: none
|}
__NOTOC__
 
[[Category:Web APIs]]
[[Category:Security]]
Confirmed users
1,340

edits