Another example: dialer app, and when you put the phone up to your face. The proximity sensor should detect whether you are in the app or not.
----- Original Message ----- From: "Doug Turner" <[email protected]> To: "Jonas Sicking" <[email protected]> Cc: "Paul Theriault" <[email protected]>, [email protected] Sent: Monday, June 4, 2012 6:34:25 PM Subject: Re: WebAPI Security Discussion: Sensor API Any good nav app would want acceleration events while in the background. These events are very important for turn by turn. Jonas Sicking <[email protected]> wrote: On Mon, Jun 4, 2012 at 5:16 AM, Paul Theriault <[email protected]> wrote: > My main concern was side-channel attacks - there have been several papers > released on sniffing passwords based on accelerometer information. Limiting > access to the foreground only would be a elegant security solution to that > specific threat. However on reflection, I think the permission depends on > the type of sensor (or combination of sensors) being made available. Or is > the point of this API that all sensors must be designed to be safe for > untrusted web content? I agree that we should do a per-sensor judgement. For get-information-from-outside-world sensors that we currently have implemented: * acceleration/gravity * magnetic field/orientation * rotation * ambient light * proximity I think turning the sensor off for background pages and apps would be the safer thing to do. I can't think of any great use cases that it would disable off the top of my head, but I could be wrong. / Jonas _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
