+dev-fxacct, since this impacts the mooted Device Manager, and will be of
interest.

On Mon, Oct 12, 2015 at 11:46 AM, Michael Comella <
[email protected]> wrote:

> To recount today's Frontend meeting, we briefly spoke about conflict
> between Firefox Sync & auto backup. We came up with the possibility of
> syncing the Firefox Account Android-account so that when users switch to a
> different device, Sync will be automatically set up and the Firefox Sync
> services can restore the user's synced data (e.g. this could help
> differentiate Firefox and maintain retention on new devices). It's unclear
> if Firefox Sync will allow us to do that under the hood, but it's open to
> be investigated.
>

We certainly have the infrastructure to do this: we do something like this
on every device right now in order to recover the Android Account across SD
card manipulations.  We would want special support to do this across
devices, and I'm not sure we want to.

Right now, a connected device does not store the user's password.  It does
store things acquired with the user's password, like access tokens and
encryption keys.  This is a good story for security: a compromised device
cannot do everything the user can do, because certain actions require
knowledge of the password.  For example: changing the password, or deleting
the account entirely.

To allow the user to smoothly transition to N>=1 new devices, we need to
store something that gives access to all services but without the power of
the password.  That might look like an fxa-auth-server API for exchanging
tokens when we recognize that we're not the "original" device; or a master
token that each device can use to authenticate in a limited manner.  That's
a change to the security model, but perhaps not a significant one.  I think
supporting this is valuable and would like to work with the FxA team to
make it possible.

> We didn't discuss other data to potentially store – files, databases, and
> shared preferences, as Sebastian mentions above.
>
> I personally think it'd be great to save preferences as well, though I'm
> unsure how this could affect the Gecko-related preferences. However, I
> think with a bit of work, we could get preference sync working properly for
> preferences in the Android UI (e.g. mirror the prefs in shared preferences
> so Android can restore them). I think this is lower priority than the
> account work.
>

I agree.

Nick
_______________________________________________
mobile-firefox-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/mobile-firefox-dev
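
The security model discussed in the reply (a device holds tokens but not the password, and a restored device trades a limited master token for its own service tokens) can be sketched as follows. This is an added example, not code from the email, Firefox, or fxa-auth-server: every function name, the token format, the scope names, and the account data are hypothetical and constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)  # auth server's signing key (constructed)
PASSWORD_ONLY = {"change_password", "delete_account"}  # actions the email reserves for the password

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

ACCOUNTS = {"user@example.com": _kdf("correct horse")}  # constructed account

def _sign(claims):
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return (body + b"." + hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()).decode()

def _verify(token):
    body, _, mac = token.encode().rpartition(b".")
    good = hmac.new(SERVER_KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(mac, good):
        raise PermissionError("bad token signature")
    return json.loads(base64.urlsafe_b64decode(body))

def _password_ok(email, password):
    return hmac.compare_digest(_kdf(password or ""), ACCOUNTS.get(email, b""))

def login(email, password):
    """Password login returns a master token; the device never stores the password."""
    if not _password_ok(email, password):
        raise PermissionError("bad credentials")
    return _sign({"sub": email, "kind": "master", "scopes": ["sync", "profile"]})

def exchange(master_token, device_id, scope):
    """A restored (non-original) device trades the master token for its own service token."""
    claims = _verify(master_token)
    if claims["kind"] != "master" or scope not in claims["scopes"]:
        raise PermissionError("scope not available to master token")
    return _sign({"sub": claims["sub"], "kind": "device", "device": device_id, "scopes": [scope]})

def perform(action, token=None, email=None, password=None):
    """Server-side authorization: password-only actions ignore tokens entirely."""
    if action in PASSWORD_ONLY:
        if not _password_ok(email, password):
            raise PermissionError("password required")
        return f"{action} ok"
    claims = _verify(token or "")
    if action not in claims["scopes"]:
        raise PermissionError("token lacks scope")
    return f"{action} ok for {claims['sub']} on {claims.get('device', 'origin')}"
```

A stolen or restored master token can reach `sync` and `profile` here, but `change_password` and `delete_account` still fail without the password, which is the property the reply wants to preserve.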
