WebAPI/Security/SMS: Difference between revisions
No edit summary |
No edit summary |
||
| Line 17: | Line 17: | ||
Use cases for unauthenticated code: App prompts user to send SMS | Use cases for unauthenticated code: App prompts user to send SMS | ||
Authorization model for uninstalled web content: Explicit | Authorization model for uninstalled web content: Explicit via web activities | ||
Authorization model for installed web content: Explicit | Authorization model for installed web content: Explicit via web activities | ||
Potential mitigations: | Potential mitigations: | ||
== | == Privileged (approved by app store) == | ||
Use cases for | Use cases for privileged code: Full-featured SMS app. Read & send SMS. | ||
Authorization model: Explicit | Authorization model: Explicit | ||
Potential mitigations: | Potential mitigations: Set thresholds or warnings on premium numbers. Only allow sending of SMS's to user-provided contacts. Show OS confirmation of message before sending. | ||
== Certified ( | == Certified (system-critical apps) == | ||
Use cases for certified code: SMS app | Use cases for certified code: SMS app | ||
Revision as of 21:22, 6 August 2012
Name of API: Web SMS API
References: https://bugzilla.mozilla.org/show_bug.cgi?id=674725
Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/58a66963732b09a0/9ae97f65a9e74c78
Brief purpose of API: Send and receive SMS messages
General Use Cases: None
Inherent threats:
- Sending an SMS costs user money, premium SMS services, SMS payments etc
- Receiving SMS has privacy implications, SMS also used for 2-factor authentication
Threat severity: critical per https://wiki.mozilla.org/Security_Severity_Ratings
Regular web content (unauthenticated)
Use cases for unauthenticated code: App prompts user to send SMS
Authorization model for uninstalled web content: Explicit via web activities
Authorization model for installed web content: Explicit via web activities
Potential mitigations:
Privileged (approved by app store)
Use cases for privileged code: Full-featured SMS app. Read & send SMS.
Authorization model: Explicit
Potential mitigations: Set thresholds or warnings on premium numbers. Only allow sending of SMS's to user-provided contacts. Show OS confirmation of message before sending.
Certified (system-critical apps)
Use cases for certified code: SMS app
Authorization model: Implicit
Potential mitigations: None beyond certification
Note: Should trusted apps be able to register as handlers for SMS web activities/intents, or only certified apps?