On 29/09/2012, at 04:55, "Jonas Sicking" <[email protected]> wrote:
> On Fri, Sep 28, 2012 at 7:00 PM, ANTONIO MANUEL AMAYA CALVO <[email protected]> wrote:
>> This one
>>
>> https://bugzilla.mozilla.org/show_bug.cgi?id=794407
>>
>> isn't on any of the lists (or if it is I didn't see it), and it really
>> should be.
>
> FWIW, relying on user actions should never be used as a security
> mechanism. The user might not have any idea that his/her action can
> cause something harmful to happen and might just be thinking he/she is
> clicking a link or scrolling a window.

Yes, I mostly agree. Mostly only, because it still is a mitigation measure against some attacks, since at least that way we know the user is looking at his phone. And hopefully the invoked activity will have some visual feedback to the user (plus the card switching animation, of course) that will allow her to stop the action. In fact, if the activity handler is on an application that uses any privileged API, we can ensure that. In the case of the dialer, for normal calls, that's the case in fact. The call will start but if the user is looking at his phone she'll be able to cancel it. Even if the 'call' is a USSD code, she would know something happened.

Without this measure in place, a malicious app could just wait and invoke the activity at a moment when it assumes the user isn't looking. But I totally agree that it doesn't prevent harm by a badly designed activity handler.

>
> The "user action required" step should only be used to prevent APIs
> from being used to annoy the user. I.e. to prevent an API from opening
> dialogs every second.
>
>> As it stands now, any web page can use the 'dial' web activity from a script
>> and the dialer just places the call.
>
> That really should not be the case. If it is, that's a separate bug and
> a bad one. No app should take any potentially harmful actions just in
> response to an activity. It's the responsibility of the dialer app to
> make sure that the user really wants to place the phone call, for
> example by just prefilling the phone number but waiting for the user
> to press the 'dial' button.

Again, I agree, and that's why I filed the gaia issue I linked also.

Best regards,

Antonio

>
> / Jonas
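
The handler design discussed in this message (prefill the number, place the call only when the user presses 'dial') can be sketched as follows. This is an added example, not part of the original e-mail and not Gaia's dialer code; `createDialHandler`, the injected `telephony` and `ui` objects, and the 40-character limit are assumptions made for illustration.

```javascript
// Added example: a 'dial' activity handler that never places a call on its own.
// `telephony` and `ui` are injected stand-ins (assumptions) for the dialer's
// telephony backend and its keypad view. In a Firefox OS app, onActivity would
// be registered with navigator.mozSetMessageHandler('activity', ...).
function createDialHandler(telephony, ui) {
  let pending = null; // number waiting for explicit user confirmation

  // Strip common separators, then accept only what a keypad can produce.
  function normalize(raw) {
    const s = String(raw == null ? '' : raw).replace(/[\s().-]/g, '');
    return /^\+?[0-9*#]{1,40}$/.test(s) ? s : null;
  }

  return {
    // Activity data comes from an arbitrary, untrusted caller.
    onActivity(request) {
      const data = (request && request.source && request.source.data) || {};
      const number = normalize(data.number);
      if (number === null) {
        pending = null;
        return { shown: false, reason: 'invalid-number' };
      }
      pending = number;
      // Strings containing * or # (for example USSD codes) are flagged so the
      // view can make them stand out before the user decides.
      const serviceCode = /[*#]/.test(number);
      ui.prefill(number, { serviceCode });
      return { shown: true, serviceCode }; // nothing has been dialed here
    },

    // Wired to the dial button's click listener.
    onDialPressed(event) {
      // isTrusted is false for events synthesized by script.
      if (!event || event.isTrusted !== true || pending === null) return false;
      const number = pending;
      pending = null; // one confirmation places at most one call
      telephony.dial(number);
      return true;
    },
  };
}
```
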
