Closed Bug 1039044 Opened 10 years ago Closed 10 years ago

[B2G][FTE][Geolocation]Users can bypass the FTU by using "everything.me " in "More about your privacy"

Categories

(Firefox OS Graveyard :: Gaia::First Time Experience, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::First Time Experience
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(b2g-v1.4 affected, b2g-v2.0 affected, b2g-v2.1 affected)

Status:
RESOLVED DUPLICATE of bug 1088461
Tracking Flags:
Tracking Status
b2g-v1.4 --- affected
b2g-v2.0 --- affected
b2g-v2.1 --- affected

People

(Reporter: ekramer, Unassigned)

References

(
URL
)

Details

(Whiteboard: [273MB-Flame-Support][2.0-exploratory])

Attachments

(1 file)

FTE_Bypass.txt
1.70 KB, text/plain
Details
Attached file FTE_Bypass.txt
Description: There is a "More about your privacy" link in the Geolocation. Through that link Users can access the jobs section in of "EverythingMe". There are email links in these job postings that take the user to the email app. From here users can access email, settings, and a couple other options on their phone. Additional Details: The phone does not behave as intended in this fake state. It does not prompt a lock screen when woken up, and users cannot use most features. The only way out of this state is to Restart the device. Note: This issue reproduces in all memory settings for Flame. Prerequisite: 1. Sign into wifi during the FTE Repro Steps: 1) Update a Flame to 20140711000201 2) In FTE sign into a wifi access point 3) Enter "More about your privacy" in the "Geolocation" tab 4) Enter "everything.me" 5) Press on the "Jobs" section on the top of the "EverythingMe" page 6) Enter any job 7) Scroll down to the bottom of the page 8) Click on the email address provided for applying to the job (jobs@everything.me) 9) Select "OK" in the email confirmation page Actual: Users now have basic access to their device, without going through the full FTE. Lock bar is not active when device is awoken. Only way out of this state is to Restart the device. Expected: Users cannot get out of the FTU artificially. Environmental Variables: Device: Flame 2.0 Build ID: 20140711000201 Gaia: 18c44a1bc31b374ba00a069904465a8d07971a60 Gecko: f880dae4fdbe Version: 32.0a2 (2.0) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Repro frequency: 100% See attached: video clip ( http://youtu.be/KyQMF9aA-QA ) and logcat
This issue DOES reproduce on Flame 2.1. Flame 2.0, Flame 1.4, Buri 2.1, Buri 2.0, and Buri 1.4 Note: This issue reproduces on 512 and 273 memory settings for Flame. Flame Master BuildID: 20140711040202 Gaia: c47094a26c87ba71a3da4bae54febd0da21f3393 Gecko: 1b1296d00330 Version: 33.0a1 (Master) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:33.0) Gecko/33.0 Firefox/33.0 Flame 1.4 BuildID: 20140711000202 Gaia: e273c1f52ed7187e4e0b2d66ed5718f0f20c6eeb Gecko: 896fa800b72d Version: 30.0 (1.4) Firmware Version: v122 User Agent: Mozilla/5.0 (Mobile; rv:30.0) Gecko/30.0 Firefox/30.0 Buri Master BuildID: 20140711035913 Gaia: c47094a26c87ba71a3da4bae54febd0da21f3393 Gecko: 1b1296d00330 Version: 33.0a1 (Master) Firmware Version: v1.2device.cfg User Agent: Mozilla/5.0 (Mobile; rv:33.0) Gecko/33.0 Firefox/33.0 Buri 2.0 BuildID: 20140711045612 Gaia: e1aa5fcc3e1ee2dde9dd935efb1d660c09cf64ff Gecko: db356a82a908 Version: 32.0a2 (2.0) Firmware Version: v1.2device.cfg User Agent: Mozilla/5.0 (Mobile; rv:32.0) Gecko/32.0 Firefox/32.0 Buri 1.4 BuildID: 20140711000202 Gaia: e273c1f52ed7187e4e0b2d66ed5718f0f20c6eeb Gecko: 896fa800b72d Version: 30.0 (1.4) Firmware Version: v1.2device.cfg User Agent: Mozilla/5.0 (Mobile; rv:30.0) Gecko/30.0 Firefox/30.0 Actual Results: Users now have basic access to their device, without going through the full FTE. Lock bar is not active when device is awoken. Only way out of this state is to Restart the device.
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(ktucker)
I cannot reproduce this issue on the Flame 2.0(273mb). Sending to QA Wanted.
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(ktucker)
Keywords: qawanted
I was also UNABLE to get this to happen in 273mb because the Email app simply will not load at step 8 no matter how many times you tap on an email link or long tap on the link. I am able to repro in 512mb though.
QA Whiteboard: [QAnalyst-Triage?]
Flags: needinfo?(jmitchell)
Keywords: qawanted
QA Contact: croesch
Builds attempted on with 273mb Environmental Variables: Device: Flame 2.0 BuildID: 20140711211412 Gaia: ca022f811bcbbda0f89086094a9e92bb220fea18 Gecko: b3f6dbd37993 Version: 32.0a2 (2.0) Firmware Version: v122 and Environmental Variables: Device: Flame 2.0 BuildID: 20140717085706 Gaia: 9977a02ea62ba96425a1cc4d1bfb54a909f68905 Gecko: cc563253a046 Version: 32.0a2 (2.0) Firmware Version: v122
It seems that this bug should focus on 512 memory, and that being in 273 memory creates variable results that will block reproduction of this bug by apps being prevented from opeining. not nomming as a blocker - it seems that these STRs are a bit complex for the average user to encounter.
QA Whiteboard: [QAnalyst-Triage?] → [QAnalyst-Triage+]
Flags: needinfo?(jmitchell)
QA Whiteboard: [QAnalyst-Triage+] → [QAnalyst-Triage+][lead-review+]
Duping against bug 1088461, which we'll use as the bug to address these kinds of 'escape/bypass' the FTU via the browser
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: