Hello guys.
I want to contribute here with my little grain of sand: what about
asking in the FTU if the user is a developer and then ask for
configuring the device in such a special way including these passwords
and so on?
I think it could be a very cool feature to ask the user "do you think
you will create apps for Firefox OS?" with a yes / no answer. If you say
no, I remember you can always launch the FTU whenever you want.
Anyway, I will try to not be paranoid about security. If an attacker
gets your phone is only matter of time to get root access, the no
solution is effective.
Cheers!
On 22/09/13 12:24, Krzysztof Adamski wrote:
Dnia 2013-09-21, o godz. 18:28:28
Dale Harvey <[email protected]> napisał(a):
Requiring devs to have a pin code to enable debugging seems like more
than enough protection and for further measures it seems remote wipe
is far more useful than things that require us to wipe data (possible
the data we are trying to debug) before being able to debug it
If by "pin code" you mean PIN on SIM card then it's not enough since
all attacker has to do in order go steal your data is to use his own SIM
card.
I agree that wiping data first time we turn debugging on is not ideal
since this makes it hard to "start being developer" after we used the
phone for some time but remote wipe has it's downsides too. It does not
protect from "evil maid" attacks and many people seems to be concerned
about them. What is more important to me is that it may be too late
when you realize that your phone was stolen (couple minutes are enough
to copy all the data by attacker).
Also, how should that remote wipe work? Over the Internet or there is
some other way I'm not aware off? If it's the first one, then the first
thing that attacker will do is to disconnect the phone from the
Internet. And even if he doesn't, it's likely that stolen phone just
won't have continues Internet connectivity enabled. I personally often
turn Internet connection off to safe battery and I usually turn it off
completely when going abroad because it's too expensive in roaming.
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
