MozillaWiki

WebAPI/Security/SMS: Difference between revisions

Page Discussion

WebAPI/Security/SMS (view source)

Revision as of 21:22, 6 August 2012

108 bytes added ,  6 August 2012
no edit summary
No edit summary
No edit summary
Line 17: Line 17:
Use cases for unauthenticated code: App prompts user to send SMS
Use cases for unauthenticated code: App prompts user to send SMS


Authorization model for uninstalled web content: Explicit (via web activities)
Authorization model for uninstalled web content: Explicit via web activities


Authorization model for installed web content: Explicit (via web activities)
Authorization model for installed web content: Explicit via web activities


Potential mitigations:
Potential mitigations:


== Trusted (authenticated by publisher) ==
== Privileged (approved by app store) ==
Use cases for authenticated code: Full-featured SMS app.  Read & send SMS.
Use cases for privileged code: Full-featured SMS app.  Read & send SMS.


Authorization model: Explicit
Authorization model: Explicit


Potential mitigations: Check your phone bill?
Potential mitigations: Set thresholds or warnings on premium numbers.  Only allow sending of SMS's to user-provided contacts.  Show OS confirmation of message before sending.


== Certified (vouched for by trusted 3rd party) ==
== Certified (system-critical apps) ==
Use cases for certified code:  SMS app
Use cases for certified code:  SMS app


Ladamski
Confirmed users
717

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/458288"