Closed
Bug 1037682
Opened 10 years ago
Closed 10 years ago
[B2G][Settings][FindMyDevice] With Find My Device enabled app permissions are always Grant on phone reboot
Categories
(Firefox OS Graveyard :: FindMyDevice, defect)
Tracking
(blocking-b2g:-, b2g-v2.0 affected, b2g-v2.1 unaffected)
RESOLVED
WONTFIX
blocking-b2g | - |
Tracking | Status | |
---|---|---|
b2g-v2.0 | --- | affected |
b2g-v2.1 | --- | unaffected |
People
(Reporter: bzumwalt, Unassigned)
References
()
Details
(Whiteboard: [273MB-Flame-Support] ,[2.0-exploratory])
Attachments
(1 file)
253.94 KB,
text/plain
|
Details |
Description: When user has Find My Device enabled and is signed into FxA, changing the app permissions for FMD to Ask or Deny then rebooting phone causes permissions for FMD to change back to Grant. Repro Steps: 1) Update a Flame to 20140711000201 2) Sign into Firefox Account and enable FindMyDevice 3) Navigate to App Permissions > Find My Device in Settings and change geolocation permission to Deny 4) Reboot phone 5) Navigate to App Permissions > Find My Device Actual: App permissions for FMD are reset to Grant on phone reboot when FMD is enabled. Expected: App permissions for all apps remain as set on phone reboot. Environmental Variables: Device: Flame 2.0 (273mb) Build ID: 20140711000201 Gaia: 18c44a1bc31b374ba00a069904465a8d07971a60 Gecko: f880dae4fdbe Version: 32.0a2 (2.0) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Notes: Repro frequency: 3/3, 100% See attached: Youtube video clip & logcat Youtube Link: http://youtu.be/XIcXI66C1vM
Reporter | ||
Comment 1•10 years ago
|
||
Issue DOES occur on 2.0 Flame (512mb) & 2.0 Open C Environmental Variables: Device: Flame 2.0 (512mb) BuildID: 20140711000201 Gaia: 18c44a1bc31b374ba00a069904465a8d07971a60 Gecko: f880dae4fdbe Version: 32.0a2 (2.0) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Environmental Variables: Device: Open_C 2.0 Build ID: 20140711000201 Gaia: 18c44a1bc31b374ba00a069904465a8d07971a60 Gecko: f880dae4fdbe Version: 32.0a2 (2.0) Firmware Version: P821A10V1.0.0B06_LOG_DL User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Actual Result: App permissions for FMD are reset to Grant on phone reboot when FMD is enabled. Issue does NOT occur on 2.1 Flame, 2.1 Buri, 2.0 Buri Environmental Variables: Device: Flame Master (273mb) Build ID: 20140711040202 Gaia: c47094a26c87ba71a3da4bae54febd0da21f3393 Gecko: 1b1296d00330 Version: 33.0a1 (Master) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:33.0) Gecko/33.0 Firefox/33.0 Environmental Variables: Device: Buri Master Build ID: 20140711040202 Gaia: c47094a26c87ba71a3da4bae54febd0da21f3393 Gecko: 1b1296d00330 Version: 33.0a1 (Master) MOZ Firmware Version: v1.2device.cfg User Agent: Mozilla/5.0 (Mobile; rv:33.0) Gecko/33.0 Firefox/33.0 Environmental Variables: Device: Buri 2.0 Build ID: 20140711000201 Gaia: 18c44a1bc31b374ba00a069904465a8d07971a60 Gecko: f880dae4fdbe Version: 32.0a2 (2.0) Firmware Version: v1.2device.cfg User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Actual Result: App permissions for all apps remain as set on phone reboot. Could not locate these devices on find.firefox.com which could be a contributing factor. Issue cannot be tested on 1.4 as Find My Device function is not present
Comment 2•10 years ago
|
||
nomming for 2.0, device should not change user preference
blocking-b2g: --- → 2.0?
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(jmitchell)
Comment 3•10 years ago
|
||
I think there is a missed uplift(or something changes) happening here, given we cannot repro on m-c/master(2.1). NI :ggp to get started here.
Flags: needinfo?(ggoncalves)
Updated•10 years ago
|
QA Whiteboard: [QAnalyst-Triage+] → [QAnalyst-Triage+][lead-review+]
Comment 4•10 years ago
|
||
Couldn't reproduce with the STR on a Flame with the same Gaia version, but different Gecko. I don't think the Gecko version should matter, FMD is contained inside Gaia only. Note, however, that FMD will grant itself that permission when it starts tracking. So if you had the website open while reproducing, for example, FMD would have received a request to start tracking. Can that explain the behavior you see, perhaps?
Flags: needinfo?(ggoncalves)
Reporter | ||
Comment 5•10 years ago
|
||
I did have FMD website open at the time. It's expected that I wouldn't receive a notification at start of tracking if I have the permission set to "Ask" or "Deny"?
Comment 6•10 years ago
|
||
The expected behavior is that you will not get the permission prompt, FMD will grant itself the permission silently [1], and tracking should work normally. 1- https://github.com/mozilla-b2g/gaia/blob/master/apps/findmydevice/js/commands.js#L68
Comment 7•10 years ago
|
||
NI :vishy here as discussed in triage to help understand this better.
Flags: needinfo?(vkrishnamoorthy)
Comment 8•10 years ago
|
||
This is working as desired. FMD grants itself the permission for geolocation similar to certified apps
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(vkrishnamoorthy)
Resolution: --- → WONTFIX
Updated•10 years ago
|
blocking-b2g: 2.0? → -
Comment 9•10 years ago
|
||
(In reply to Guilherme Gonçalves [:ggp] from comment #6) > The expected behavior is that you will not get the permission prompt, FMD > will grant itself the permission silently [1], and tracking should work > normally. > > 1- > https://github.com/mozilla-b2g/gaia/blob/master/apps/findmydevice/js/ > commands.js#L68 Paul - Can you confirm you are okay with this design decision from a security/privacy perspective? I'm concerned we're breaking our particular prompting strategy with geolocation here & not allowing the user to control geolocation access in the FMD app.
Flags: needinfo?(ptheriault)
Comment 10•10 years ago
|
||
I think this is ok. My understanding is that we grant the permission, but we don't actually start watching geolocation until the user uses the findmydevice website. So there is an implicit permission grant done. Either way the user should be aware that in order to find your phone it needs to know the phones location. And if we prompted, that would allow the person who found your phone to turn off this service.
Flags: needinfo?(ptheriault)
You need to log in
before you can comment on or make changes to this bug.
Description
•