WebAPI/Security/OpenWebApp

From MozillaWiki
Revision as of 01:23, 2 May 2012 by Ladamski (talk | contribs) (Created page with "Name of API: Open Web App API Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API Security Discussion: https://groups.google.com/group/mozilla.dev.webapp...")

Name of API: Open Web App API

Reference: https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API

Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/9ca037e5e4a3698b/375194a4d262a230

Brief purpose of API: The Open Web Apps JavaScript API is a programmatic interface for installing Web apps and for managing a client-side collection of Web apps that a user has installed.

General Use Cases:

  • Install an app - navigator.mozApps.install(url, [install_data])
  • A web page can check if it is installed - navigator.mozApps.getSelf()
  • Return a list of the apps installed by this domain - navigator.mozApps.getInstalled()

Inherent threats:

  • Installation grants some minor additional privileges
  • Access to install an app on another domain introduces risks
  • Privacy (users can be identified by list of apps)

Threat severity: Low for Installation API, High for Management API

Regular web content (unauthenticated)

Use cases for unauthenticated code: Just the general cases as above.

Authorization model for normal content: Explicit for install (OS Mediated), Implicit for check status

Authorization model for installed content: Explicit for install (OS Mediated), Implicit for check status

Potential mitigations: getInstalled() only returns the apps installed by the current domain

Trusted (authenticated by publisher)

Use cases for authenticated code:

  • A "dashboard" can manage and launch Apps on the user's behalf
  • A "dashboard" can monitor the state of logged in applications

Authorization model: Implicit, except Remove App is Explicit (OS Mediated)

Potential mitigations:

  • uninstall() is a method of the application object itself. Since you can only get apps that you installed (using getInstalled()) or yourself (using getSelf()), this mitigates the risks. [fabrice]
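To make the origin scoping concrete, here is an added example (not code from this wiki page or from Mozilla's implementation): a constructed in-memory stand-in for navigator.mozApps that enforces the getInstalled() and uninstall() mitigations above, with the install-check and dashboard use cases driven against it. The DOMRequest-style stand-in, the registry and the origins used are all assumptions.

```javascript
// Constructed stand-in for navigator.mozApps (not the real implementation):
// DOMRequest-like objects fire onsuccess synchronously on assignment here.
const registry = []; // shared app store: { manifestURL, installOrigin }
function request(result) {
  const req = { result };
  Object.defineProperty(req, "onsuccess", { set(fn) { fn({ target: req }); } });
  return req;
}
function appObject(entry) {
  return {
    manifestURL: entry.manifestURL,
    // [fabrice] mitigation: uninstall() lives on the app object, which an origin only gets for apps it installed (getInstalled) or for itself (getSelf).
    uninstall() {
      const i = registry.indexOf(entry);
      if (i >= 0) registry.splice(i, 1);
      return request(true);
    },
  };
}
// The navigator.mozApps surface as seen by a page running at `origin`.
function mozAppsFor(origin) {
  return {
    install(manifestURL) {   // explicit: the real browser shows a consent dialog
      const entry = { manifestURL, installOrigin: origin };
      registry.push(entry);
      return request(appObject(entry));
    },
    getSelf() {              // implicit: matches the manifest's origin to the caller
      const e = registry.find(x => new URL(x.manifestURL).origin === origin);
      return request(e ? appObject(e) : null);
    },
    getInstalled() {         // implicit, but scoped to what this origin installed
      return request(registry.filter(x => x.installOrigin === origin).map(appObject));
    },
  };
}
// Page-side use case: install only when getSelf() says the app is absent.
function ensureInstalled(apps, manifestURL, done) {
  apps.getSelf().onsuccess = e => {
    if (e.target.result) return done("already installed");
    apps.install(manifestURL).onsuccess = () => done("installed");
  };
}
// Dashboard use case: remove an app, which only works for apps this origin installed.
function dashboardUninstall(apps, manifestURL, done) {
  apps.getInstalled().onsuccess = e => {
    const app = e.target.result.find(a => a.manifestURL === manifestURL);
    if (!app) return done(null); // not installed by us, so no app object to act on
    app.uninstall().onsuccess = () => done(app.manifestURL);
  };
}
```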

Certified (vouched for by trusted 3rd party)

Use cases for certified code: Same as trusted

Authorization model: Implicit

Potential mitigations:

  • Only apps having high privileges can use mgmt.getAll() to see cross-store installs. [fabrice]
  • Allow user control over updates
  • Warn when downloading large updates over cellular