WebAPI/Security/Alarm: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 23: | Line 23: | ||
Potential mitigations: Should be a way to disable alarm for a given app | Potential mitigations: Should be a way to disable alarm for a given app | ||
== | == Privileged (approved by app store) == | ||
Same as for installed untrusted app | Same as for installed untrusted app | ||
== Certified ( | == Certified (system-critical apps) == | ||
Same as for installed untrusted app | Same as for installed untrusted app | ||
Revision as of 23:40, 6 August 2012
Name of API: Alarm API
Reference:
https://groups.google.com/d/topic/mozilla.dev.webapi/pkx1uz_pnhQ/discussion
http://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/29f1efb730a9c17/5fd64f1fefe0ddd8
Brief purpose of API: Let apps set timers to wake up at a specified time General Use Cases:
- Implement an alarm reminder app by setting an alarm intent for a future time
- Set an alarm to ping a server at a specific time or set interval
Inherent threats: Annoyance
Threat severity: Low
Regular web content (unauthenticated)
Use cases for unauthenticated code: Relaunch the app via an alarm intent at a future time
Authorization model for normal content: None
Authorization model for installed content: Implicit
Potential mitigations: Should be a way to disable alarm for a given app
Privileged (approved by app store)
Same as for installed untrusted app
Certified (system-critical apps)
Same as for installed untrusted app