WebAPI/Security/Wifi: Difference between revisions
Jump to navigation
Jump to search
(Had the wrong page in here (bluetooth)) |
No edit summary |
||
| Line 1: | Line 1: | ||
Name of API: Wifi API | Name of API: Wifi API | ||
Reference: http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1 | |||
Reference: | |||
*http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1 | |||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/zj0YUhJ8dYg/discussion | |||
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API. | Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API. | ||
General Use Cases: None | General Use Cases: None | ||
Inherent threats: Privacy(identify user, geolocation, | Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics) | ||
Threat severity: Moderate | Threat severity: Moderate | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: None | |||
Authorization model for normal content: | |||
Authorization model for installed content: | |||
Potential mitigations: | |||
== Privileged (approved by app store) == | |||
Use cases for privileged code: Wifi sniffer app | |||
Use cases for trusted code: Explicit | |||
Potential mitigations: | |||
== Certified (system-critical apps) == | |||
Use cases for certified code: Wifi Manager | |||
Authorization model: Implicit | |||
Potential mitigations: | |||
Revision as of 22:02, 6 August 2012
Name of API: Wifi API
Reference:
- http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/zj0YUhJ8dYg/discussion
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.
General Use Cases: None
Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)
Threat severity: Moderate
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content:
Authorization model for installed content:
Potential mitigations:
Privileged (approved by app store)
Use cases for privileged code: Wifi sniffer app
Use cases for trusted code: Explicit
Potential mitigations:
Certified (system-critical apps)
Use cases for certified code: Wifi Manager
Authorization model: Implicit
Potential mitigations: