Security/Reviews/B2G/WebNFC
Jump to navigation
Jump to search
Gecko API Review Details
- API: Web NFC
- Review Date: September 2013
- Review Lead: Paul Theriault
Overview
This is a design review of the Web NFC API as currently designed, as of Sept 2, 2013. The API is not finalised but the Mozilla security team has been working with developers involved to provide security feedback to inform the finalization of this API, and guide future direction. While this review did cover some level of code review, final security code will be required once the implementation is stable, and there are apps planning to actually use this API.
Scope
The following system components were reviewed:
- Gaia
- System Application changes
- Web Activities
- System messages
- Communication between system app and NFC demo app
- Gecko
- mozNfc APIs
- Gecko Permissions
- Messaging (NFC:* messages, system messages)
- NFC System worker
- Interface to nfcd on IPC socket (JSON-based communication protocol)
- Gonk
- NFC Daemon (nfcd)
- Interface
There was also some discussion on the following topics, however these were are not included in the formal review below:
- NFC Wallet
- Transit applications (e.g. miFare)
- Secure Element (GSMA)