Closed Bug 702183 Opened 13 years ago Closed 13 years ago

Fennec 9.0b1 now asking for extra "read sensitive log data" permission

Categories

(Firefox for Android Graveyard :: General, defect)

Firefox 9
Other
Android
defect
Not set
normal

Tracking

(firefox9- fixed, firefox10 fixed, firefox11 fixed)

VERIFIED FIXED
Firefox 11
Tracking Status
firefox9 - fixed
firefox10 --- fixed
firefox11 --- fixed

People

(Reporter: joduinn, Assigned: blassey)

References

Details

Attachments

(2 files)

This permission is new in 9.0beta1.

In release notes / whats new, I couldnt find any explaination of why this was added. So far, in a quick non-scientific scan of comments in marketplace, I found 3 people in last 2 days who gave Firefox 9.0b1 a 1star rating because of privacy concerns with the new permission.

If this permission is needed, can we better explain it someplace users can easily find the details? Of course, if we dont actually need it, we should remove it.
fyi: I also checked and found no mention in https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests.


cc-ing mfinkle, legneato in case this needs triaging before 9.0b2.
in bug#672352, I found: "Your personal information: Read sensitive log data" was added in Firefox 9 because it is required by the Adobe Flash plugin (bug 630007).
Summary: Fennec 9.0b1 now asking for extra "read snsitive log data" permission → Fennec 9.0b1 now asking for extra "read sensitive log data" permission
this was added when NPAPI support was landed:
https://hg.mozilla.org/mozilla-central/diff/09dc9b406bd6/embedding/android/AndroidManifest.xml.in

the confusing thing for me, is the permission is not requested in the droid_plugins branch:
https://hg.mozilla.org/users/blassey_mozilla.com/droid-plugins/annotate/b12d4e6cdfcc/embedding/android/AndroidManifest.xml.in

Doug, any idea why this (and the other 5 permission requests) were added?
per today's planning meeting:

1) unclear if we do actually need this permission in beta - if not, can we do anything before 9.0beta2?

2) if it turns out we do need this permission, we need to add this to the 9.0beta release notes.
I removed READ_LOGS, WAKE_LOCK, ACCESS_WIFI_STATE, and CHANGE_NETWORK_STATE from the manifest locally and don't seem to be having any issues with flash
The permissions added by the Flash patches are documented in the latest revision of https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests#os=android&browser=m9
Blocks: 630007
tracking-fennec: --- → ?
Depends on: 672352
When implementing flash on Android, we saw lots of failures for not having the right permission.  I'd add one, then try a few more sites.  At about 3 or 4 new failures, I just gave up (knowing that I could never catch every failure) and copied what Opera had (yes, they did it first).

It would be good to get the exact list of required permissions from Adobe.  It might also be fine with removing everything we can and have people report the failures.
Attached patch patchSplinter Review
yea, let's go with that.
Assignee: nobody → blassey.bugs
Attachment #575015 - Flags: review?(doug.turner)
Attachment #575015 - Flags: review?(doug.turner) → review+
Attachment #575015 - Flags: approval-mozilla-beta?
Attachment #575015 - Flags: approval-mozilla-aurora?
Depends on: 703661
We have seen permission failures in birch due to the missing WAKE_LOCK permission check. This patch adds it back.
Attachment #575511 - Flags: review?(blassey.bugs)
The logcat for WAKE_LOCK

W/System.err( 3318): java.lang.SecurityException: Neither user 10067 nor current process has android.permission.WAKE_LOCK.
W/System.err( 3318):    at android.os.Parcel.readException(Parcel.java:1322)
W/System.err( 3318):    at android.os.Parcel.readException(Parcel.java:1276)
W/System.err( 3318):    at android.os.IPowerManager$Stub$Proxy.acquireWakeLock(IPowerManager.java:277)
W/System.err( 3318):    at android.os.PowerManager$WakeLock.acquire(PowerManager.java:253)
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.nativeRun(Native Method)
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:447)
W/System.err( 3318):    at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:115)
Comment on attachment 575511 [details] [diff] [review]
add WAKE_LOCK back

make sure to put a comment in the push saying why we need this
Attachment #575511 - Flags: review?(blassey.bugs) → review+
https://hg.mozilla.org/projects/birch/rev/0695a3352ef8
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
If this patch lands in Aurora and Beta, it should *not* remove the WAKE_LOCK permission (bug 703661).
Comment on attachment 575015 [details] [diff] [review]
patch

[triage comment]
Please land this on aurora and beta asap.
Attachment #575015 - Flags: approval-mozilla-beta?
Attachment #575015 - Flags: approval-mozilla-beta+
Attachment #575015 - Flags: approval-mozilla-aurora?
Attachment #575015 - Flags: approval-mozilla-aurora+
Verified fixed on:
Mozilla/5.0 (Android;Linux armv7l;rv:10.0)Gecko/20111228
Firefox/10.0 Fennec/10.0
Devices: Samsung Galaxy S
OS: Android 2.2
Status: RESOLVED → VERIFIED
tracking-fennec: ? → ---
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: