WebAPI/Security/MobileConnection: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 1: Line 1:
Name of API: Mobile Connection API
== Mobile Connection API ==
 
References:
*https://wiki.mozilla.org/WebAPI/WebMobileConnection
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/WKMpHavP9-Y/discussion
 
Brief purpose of API: This exposes information about the current mobile voice and data  connection to (certain) HTML content.
Brief purpose of API: This exposes information about the current mobile voice and data  connection to (certain) HTML content.


Line 22: Line 17:
Threat severity: High
Threat severity: High


== Regular web content (unauthenticated) ==
References:
Use cases for unauthenticated code: None
*https://wiki.mozilla.org/WebAPI/WebMobileConnection
 
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/WKMpHavP9-Y/discussion
Authorization model for normal content: None
 
Potential mitigations: None
 
== Privileged (approved by app store) ==
Use cases for authenticated code: None
 
Authorization model: None
 
Potential mitigations: None
 
== Certified (system-critical apps) ==
Use cases for certified code: Telephone status UI
 
Authorization model: Implicit


Potential mitigations: None
{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || None || No access
|-
| Installed Web Apps || None || No access
|-
| Privileged Web Apps || None || No access
|-
| Certified Web Apps ||  Telephone status UI || Implicit
|}


==Notes==
=== Notes ===
Some radio feature are also accessible via Settings API
Some radio feature are also accessible via Settings API


__NOTOC__
__NOTOC__
canmove, Confirmed users
1,220

edits