177
edits
B2G App Security Model/Threat Model: Difference between revisions
B2G App Security Model/Threat Model (view source)
Revision as of 18:56, 25 March 2012
, 25 March 2012→Potential Countermeasures
| Line 136: | Line 136: | ||
* Web Apps must be installed to gain permissions (ie websites on the same domain as a web app will not get the same permissions) | * Web Apps must be installed to gain permissions (ie websites on the same domain as a web app will not get the same permissions) | ||
* Trusted UI | * Trusted UI | ||
* Applications which are granted the right to operate full-screen should be '''severely''' limited. | * Applications which are granted the right to operate full-screen should be '''severely''' limited, and an easily-recogniseable surround (frame) presented around apps at '''all''' times. | ||
** Video is the only real major exception but must be banned from being interactive in full-screen mode, as it could potentially be used as an attack vector (playback of still images - paused using HTML5 - representing phishing attack dialog boxes etc). | |||
=== Privacy-invasive but non-malicious app === | === Privacy-invasive but non-malicious app === | ||