WebAPI/Security/WebTelephony: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 20: Line 20:
== Regular web content (unauthenticated) ==
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
Use cases for unauthenticated code: click on a phone number in an email or browser to dial
Authorization model for uninstalled web content: explicit (web activities)
*Authorization model for uninstalled web content: explicit (web activities)
Authorization model for installed web content: explicit (web activities)
*Authorization model for installed web content: explicit (web activities)
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.
*Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call.  User interaction required to trigger.


== Trusted (authenticated by publisher) ==
== Trusted (authenticated by publisher) ==

Revision as of 07:03, 12 June 2012


Brief purpose of API: Make and receive phone calls

General Use Cases: None

Inherent threats:

  • Place calls to high cost numbers,
  • Route calls through high cost network,
  • Direct calls through MITM network (spying).
  • Possibly with audio API, record phone calls, record touch tone signals (account numbers?).
  • In addition, there is a high likelihood that this API will need to be controlled for legal reasons.

Threat severity: high to critical, confidential information disclosure and direct financial risk

Regular web content (unauthenticated)

Use cases for unauthenticated code: click on a phone number in an email or browser to dial

  • Authorization model for uninstalled web content: explicit (web activities)
  • Authorization model for installed web content: explicit (web activities)
  • Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger.

Trusted (authenticated by publisher)

Use cases for authenticated code:

  • Fun dialers (eg. rotary dialer)

Authorization model: explicit (web activities)

Certified (vouched for by trusted 3rd party)

Use cases for certified code:

  • Handler for telephony web activities
  • Replacement dialer
  • Voice conference software (e.g. connect Voip with a mobile call)?
  • Mediate incoming calls (accept/reject/merge)
  • Query transceiver state

Authorization model: implicit Potential mitigations: none