[RPP] remove the password from the DB

RESOLVED FIXED

Status

defect
RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: marta, Assigned: agnieszka.baranowska)

Tracking

({privacy})

unspecified
All
Gonk (Firefox OS)
Dependency tree / graph

Firefox Tracking Flags

(feature-b2g:2.2+)

Details

Attachments

(1 attachment)

Reporter

Description

5 years ago
Once Location/Lock/Remote Wipe Remove password from the database. Make sure the “first time use” launches next time the privacy panel is opened.
Reporter

Updated

5 years ago
Assignee: nobody → marta
Reporter

Updated

5 years ago
Summary: RPP: remove the password from the DB → [RPP] remove the password from the DB

Updated

5 years ago
Keywords: privacy

Updated

5 years ago
OS: Linux → Gonk (Firefox OS)
Hardware: x86_64 → All
Reporter

Updated

5 years ago
QA Whiteboard: STATUS: implementation work
Priority: -- → P3
Reporter

Updated

5 years ago
QA Whiteboard: STATUS: implementation work → STATUS: not started
Assignee

Comment 1

5 years ago
Password should be removed from the database at the moment when an SMS listener receives an SMS and detects the SMS as FmD SMS.

Marta, please confirm.
Assignee

Comment 2

5 years ago
Does it mean that user will have only single opportunity to send FmD SMS?
If we have 'hide FmD SMS' functionality, it won't be necessary remove password, yes?

Marta, please answer.
Reporter

Comment 3

5 years ago
No. The password should be removed once the user gets the phone back and unlocks it. Exemplary workflow:
1. I lost my device and need to locate it
2. I send an SMS to my number from friends phone
3. My phone activates the "locate_me(function) and sends back to my friends phone SMS with the GPS coordinates.
Also my phone locks itself.
4. I go to the location and find my device. 
5. I unlock my phone
6. The password is removed from the DB and app asks to set a new password.

We need to do that for locating, wiping and locking the device. The password should be reset after the phone is unlocked, not once it receives the SMS. We need to do it anyway, cause even hidden SMS can be resent later on by the person who's phone was used earlier.
Reporter

Updated

5 years ago
Assignee: marta → agnieszka.baranowska
Assignee

Comment 4

5 years ago
Should it (resetting password) be automatic or manual process? Because if manual process is enough, there is such functionality already designed. I mean this link 'Forgot/change your pass phrase?' below input to enter password. I mentioned about it in comment to 'Bug 1060157 - [RPP] Main panel' (https://bugzilla.mozilla.org/show_bug.cgi?id=1060157#c4).
Reporter

Comment 5

5 years ago
It should happen automatically. We cannot relay on the user to remember to reset his password. Possibility of resending a message with the already used password and activating the command again has too high security impact. The phone should not allow for any further usage of the functionality (go back to the "factory mode" of that app) once the functionality has been activated and later deactivated.
Reporter

Updated

5 years ago
QA Whiteboard: STATUS: not started → STATUS: implementation work
Reporter

Updated

5 years ago
QA Whiteboard: STATUS: implementation work → STATUS: ready for review
Priority: P3 → --
Reporter

Updated

5 years ago
Blocks: 1069915
Reporter

Updated

5 years ago
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED

Updated

5 years ago
feature-b2g: --- → 2.2+
You need to log in before you can comment on or make changes to this bug.