Some core concerns about privacy-sensitive data: - any form of input device data is privacy-sensitive. Touches on the screen could reveal unlock patterns, keys typed on the virtual keyboard, etc..
- proc is loaded with privacy-sensitive data, and even security-sensitive data, so it should (1) be specified and (2) restricted to only specific proc files that do not contain privacy-sensitive data. Example: /proc/mounts may contain the label of a SD card that was inserted. - most of the system logs contain way too much privacy sensitive information to be passed around. This problem is exaggerated by the sheer volume of debug information printed by some of the apps. - any data sent to a server should be SSL encrypted and do proper certificate verification. The design is very inclusive - you're trying to capture everything, that also means you'll have to assure that all of that is properly filtered and selected before sending anything out. If you reduce the amount of things you collect, you will have an easier time doing that. Cheers, Auke On Mon, Nov 18, 2013 at 7:24 AM, Leonid Moiseichuk <[email protected]> wrote: > Hello again, > > One week passed for Crash reporting proposal. > The new version contains implements "security hardening" changes: > - no user input collected > - no application-specific shell executed > - all application-specific files must be readable from application UID/GID > to be added into report > > See attached files and you are welcome with more comments . > Let's introduce deadline 25-Nov-2013 and if no changes introduced the > version will be a community reviewed "working proposal". > > Best Wishes, > Leonid > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of Leonid Moiseichuk > Sent: 14 November 2013 10:25 > To: [email protected] > Subject: [Dev] Crash Reporting proposal for Tizen > > Hello, > > I am happy to present Crash Reporter idea based on number available versions > in publicity. > It might be part of Tizen 3.0 if we agreed on approach. > > I recommend to start from architecture document and look into requirements > if you need technical details. > Please don't hesitate to share your opinion here or by email to me. > Any constructive critics are welcome. > > --- > Leonid Moiseichuk > Tizen Open Source Software engineer > Finland Research Institute - Branch of Samsung Research UK Falcon Business > Park, Vaisalantie 4, 02130 Espoo, Finland [email protected] | > Mobile: +358 50 4872719 > > > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
