WebAPI/Security/WebTelephony: Difference between revisions

m
Line 22: Line 22:
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
Use cases for unauthenticated code: click on a phone number in an email or browser to dial


Authorization model for uninstalled web content: Explicit (web activities)
Authorization model for uninstalled web content: Explicit via web activities


Authorization model for installed web content: Explicit (web activities)
Authorization model for installed web content: Explicit via web activities


Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.
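Review bot: The two changed rows, for uninstalled and for installed web content, end up with identical text ("Explicit via web activities"), so the page still does not say whether installation changes the authorization model; if the two are meant to be the same, say so explicitly or merge the rows. The unchanged mitigation row relies on "User interaction required to trigger" without stating what enforces that requirement, and it would be worth naming it while this section is being edited.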