WebAPI/Security/Wifi
Jump to navigation
Jump to search
Name of API: Wifi API
Reference:
- http://groups.google.com/group/mozilla.dev.webapi/browse_thread/thread/ed980c42261c5f4a?pli=1
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/zj0YUhJ8dYg/discussion
Brief purpose of API: Read wifi network information (read-only). All network changes should go through settings API.
General Use Cases: None
Inherent threats: Privacy (identify user, geolocation, based on wifi characteristics)
Threat severity: Moderate
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content:
Authorization model for installed content:
Potential mitigations:
Privileged (approved by app store)
Use cases for privileged code: Wifi sniffer app
Use cases for trusted code: Explicit
Potential mitigations:
Certified (system-critical apps)
Use cases for certified code: Wifi Manager
Authorization model: Implicit
Potential mitigations: