Security/Reviews/Gaia/bluetooth

App Review Details

  • App: Bluetooth
  • Review Date: 5th March 2003
  • Review Lead: Paul Theriault

Overview

The bluetooth app is a small app which is only used to facilitate transfer of files via bluetooth. It does not have an icon on the homescreen, rather it is triggered by an app launching a web activity.

Architecture

Components

The bluetooth app consists of one HTML page which is designed to accept web activity share requests.

Relevant Source Code

The main source code is contained: http://mxr.mozilla.org/gaia/source/apps/bluetooth/js/transfer.js


Permissions

The bluetooth app has the following permissions:

"permissions": {
   "bluetooth":{},
   "device-storage:sdcard":{ "access": "readonly" },
   "settings":{ "access": "readwrite" }
 }

  • Bluetooth is need to send files via bluetooth.
  • device-storage is used to monitor remaining disk space
  • settings access is needed to monitor and change the "bluetooth.enabled" setting.

Web Activity Handlers

The bluetooth app accepts one web activity as described in its web app manifest:

"activities": {

   "share": {
     "filters": {
     	"number": 1
      },
     "disposition": "inline",
     "returnValue": true,
     "href": "/transfer.html"
   }   
 }

Web Activity Usage

Notable Event Handlers

Code Review Notes

1. XSS & HTML Injection attacks

Several instances of innerHTML used, but output is escaped safely.

2. Secure Communications

3. Secure data storage

4. Denial of Service

5. Use of Privileged APIs

6. Interfaces with other Apps/Content

Security Risks & Mitigating Controls

Actions & Recommendations