App Review Details
- App: Bluetooth
- Review Date: 5th March 2003
- Review Lead: Paul Theriault
Overview
The bluetooth app is a small app which is only used to facilitate transfer of files via bluetooth. It does not have an icon on the homescreen, rather it is triggered by an app launching a web activity.
Architecture
Components
The bluetooth app consists of one HTML page which is designed to accept web activity share requests.
Relevant Source Code
The main source code is contained: http://mxr.mozilla.org/gaia/source/apps/bluetooth/js/transfer.js
Permissions
The bluetooth app has the following permissions:
"permissions": {
"bluetooth":{},
"device-storage:sdcard":{ "access": "readonly" },
"settings":{ "access": "readwrite" }
}
- Bluetooth is need to send files via bluetooth.
- device-storage is used to monitor remaining disk space
- settings access is needed to monitor and change the "bluetooth.enabled" setting.
Web Activity Handlers
The bluetooth app accepts one web activity as described in its web app manifest:
"activities": {
"share": {
"filters": {
"number": 1
},
"disposition": "inline",
"returnValue": true,
"href": "/transfer.html"
}
}
Web Activity Usage
Notable Event Handlers
Code Review Notes
1. XSS & HTML Injection attacks
Several instances of innerHTML used, but output is escaped safely.
2. Secure Communications
N/A, doesn't make network connections (apart from bluetooth obviously)