WebAPI/Security/Vibration: Difference between revisions
Jump to navigation
Jump to search
Ptheriault (talk | contribs) |
No edit summary |
||
| Line 34: | Line 34: | ||
__NOTOC__ | __NOTOC__ | ||
[[Category:Web APIs]] | |||
[[Category:Security]] | |||
Latest revision as of 23:42, 1 October 2014
Vibration
Brief purpose of API: Let content activate the vibration motor. General use cases: Vibrate when hit in a game etc.
Reference: http://dev.w3.org/2009/dap/vibration/
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#
Inherent threats: Obnoxious if abused, consume extra battery.
Threat severity: low
Notes:
- User can deny from Permission Manager to override an abusive app.
- Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Installed Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Privileged Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Certified Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |