Please reply to [email protected].

==WebActivities API==
References:
*https://wiki.mozilla.org/WebAPI/WebActivities
*https://bugzilla.mozilla.org/show_bug.cgi?id=715814

Brief purpose of API: Allow apps to both register for and to initiate tasks that cross app boundaries.

General Use Cases:
*Open a music file in a music player from the email app
*Take a photo from a social networking app
*Send an SMS from a social networking app
*Create a document viewer app that can handle certain types of documents

Inherent threats:
*Become a handler for sensitive activities, then steal their contents or change flow of control
*Escalation of privilege attacks against apps with greater permissions

Threat severity: High

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code: Same
Authorization model for normal content: Implicit to initiate only?
Authorization model for installed content: Implicit to register or initiate
Potential mitigations: Some apps implementing activities for sensitive APIs (i.e. SMS, photo/video recording, dialer, etc.) should implement UI even if access to WebActivities is implicit.

== Privileged (approved by app store) ==
Use cases for privileged code: Same
Authorization model: Implicit
Potential mitigations: Same

== Certified (system-critical apps) ==
Use cases for certified code: Same
Authorization model: Implicit
Potential mitigations: Same

== Notes ==
Should sensitive system activities be somehow sandboxed away from "regular" web activities?
Is it dangerous for any app to register as a handler for potentially sensitive operations (SMS, etc) even though it doesn't confer any additional privilege?
Should any app be able to initiate any activity?
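The mitigation listed above, that a handler for a sensitive activity shows its own UI even though initiating the activity needs no permission, sketched as an added example (not code from the original post or from Mozilla). It is a plain JavaScript model rather than the WebActivities API: the activity names, the `guardHandler` helper, the request shape and the sample origin are all assumptions.

```javascript
// Toy model for illustration; this is not the WebActivities API itself.
// Assumed names for the activities the post calls sensitive.
const SENSITIVE = new Set(["sms-send", "record-media", "dial"]);

// Wrap an activity handler so a sensitive activity runs only after the user
// approves it in the handler's own UI. `confirmUi` stands in for that UI.
function guardHandler(activityName, handler, confirmUi) {
  return function handle(request) {
    // Assumed request shape: { source: initiating origin, data: payload }
    if (!request || typeof request.source !== "string" ||
        request.data === null || typeof request.data !== "object") {
      return { ok: false, reason: "malformed request" };
    }
    if (SENSITIVE.has(activityName)) {
      // Tell the user who is asking and exactly what would be done.
      const summary = `${request.source} asks for "${activityName}": ` +
        JSON.stringify(request.data);
      if (confirmUi(summary) !== true) {
        return { ok: false, reason: "user declined" };
      }
    }
    return { ok: true, result: handler(request.data) };
  };
}

// Constructed scenario: the same SMS request, once declined and once approved.
function demo() {
  const sent = [];
  const prompts = [];
  const send = (data) => { sent.push(data); return "queued"; };
  const request = { source: "app://social.example",
                    data: { number: "+15550100", body: "hi" } };
  const answer = (reply) => (summary) => { prompts.push(summary); return reply; };

  const declined = guardHandler("sms-send", send, answer(false))(request);
  const accepted = guardHandler("sms-send", send, answer(true))(request);
  const malformed = guardHandler("sms-send", send, answer(true))({ data: 1 });
  // A non-sensitive activity runs without a prompt.
  const viewed = guardHandler("view", () => "shown", answer(false))(request);
  return { declined, accepted, malformed, viewed, sentCount: sent.length, prompts };
}

console.log(demo());
```

The prompt names the initiating origin and the full payload, so the user sees which app is asking and what would be sent before the handler acts.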
