Closed
Bug 1303393
Opened 8 years ago
Closed 2 years ago
Use the Google Play Services 9.4 API for Safe Browsing on Fennec
Categories
(Toolkit :: Safe Browsing, defect, P3)
Toolkit
Safe Browsing
Tracking
()
RESOLVED
INCOMPLETE
People
(Reporter: francois, Unassigned)
References
Details
The latest release of Google Play Services (https://developers.google.com/android/guides/releases#august_1_-_v94) allows all Android developers to make use of the system Safe Browsing component. We should use this in order to reduce Fennec data/power usage as well as improve detection of malware. Documentation is at https://developer.android.com/training/safebrowsing/index.html
Reporter | ||
Updated•8 years ago
|
Assignee: nobody → hchang
Whiteboard: #sbv4-m3
Reporter | ||
Updated•8 years ago
|
Priority: P3 → P2
Updated•8 years ago
|
Whiteboard: #sbv4-m3 → #sbv4-m4
Updated•7 years ago
|
Whiteboard: #sbv4-m4 → #sbv4-m6
Comment 1•7 years ago
|
||
Hi Francois, I just flagged you to review this patch but it depends on Bug 1276826.
Depends on: 1276826
Flags: needinfo?(francois)
Comment 2•7 years ago
|
||
(In reply to Henry Chang [:henry][:hchang] from comment #1) > Hi Francois, > > I just flagged you to review this patch but it depends on Bug 1276826. Submitted accidentally :( Probably 3 days are not enough to get the review done . However, this is the last mile to a complete v4 implementation (except caching and noise). No hurry but I am ambitious to land this patch if you don't see any big issue in the patch :p
Reporter | ||
Comment 3•7 years ago
|
||
(In reply to Henry Chang [:henry][:hchang] from comment #1) > I just flagged you to review this patch but it depends on Bug 1276826. Which patch are you talking about?
Flags: needinfo?(francois) → needinfo?(hchang)
Comment 4•7 years ago
|
||
(In reply to François Marier [:francois] from comment #3) > (In reply to Henry Chang [:henry][:hchang] from comment #1) > > I just flagged you to review this patch but it depends on Bug 1276826. > > Which patch are you talking about? oops I meant Bug 1312339 :p Please ignore the comments in this bug :(
Flags: needinfo?(hchang)
Reporter | ||
Updated•7 years ago
|
Assignee: hchang → nobody
Priority: P2 → P3
Updated•7 years ago
|
Whiteboard: #sbv4-m6
Reporter | ||
Updated•7 years ago
|
Whiteboard: #sbv4-m8
Comment 5•7 years ago
|
||
Is this on our radar? What's the timeframe? This would be a pretty big win from a partner perspective.
Reporter | ||
Comment 6•7 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #5) > Is this on our radar? What's the timeframe? > > This would be a pretty big win from a partner perspective. We are focusing on desktop at the moment because we have a hard deadline there (end of this year). Once we've shipped V4 on desktop, we can take a look at the Google Play Services API. If someone on the Fennec side wanted to take the lead on this though, we could help with refactoring / reviewing code.
Comment 7•7 years ago
|
||
FYI: We are currently considering adding the Play Services API for supporting safe browsing in Focus for Android (early investigation). There might be the opportunity to share some of the code or hands-on experience.
My team can probably take this. François, we'd probably just want to implement an entirely new nsIUrlClassifierDBService, since we don't need any of the existing code for updating tables, etc? Have you thought much about how we would integrate a foreign classifier?
Flags: needinfo?(francois)
Reporter | ||
Comment 9•7 years ago
|
||
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #8) > Have you thought much about how we would integrate a foreign classifier? I was planning to discuss it with Henry and Dimi next month when we get together in Taipei. Would that be too late? What's your timeframe for starting this work?
Flags: needinfo?(francois) → needinfo?(snorp)
(In reply to François Marier [:francois] from comment #9) > (In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #8) > > Have you thought much about how we would integrate a foreign classifier? > > I was planning to discuss it with Henry and Dimi next month when we get > together in Taipei. > > Would that be too late? What's your timeframe for starting this work? No specific time frame, so that sounds fine.
Flags: needinfo?(snorp)
Reporter | ||
Comment 11•7 years ago
|
||
Sorry for the delay in getting back to you. I just realized I hadn't updated this bug since the work week. This is the rough design we came up with: https://docs.google.com/document/d/1Yp0NqosTJuO10vRGFrQxIsjAt40ZkJ4RmaxprJUTKCM/edit?usp=sharing
Reporter | ||
Updated•7 years ago
|
Whiteboard: #sbv4-m8 → #sbv4-m9
Reporter | ||
Comment 12•7 years ago
|
||
(In reply to François Marier [:francois] from comment #11) > https://docs.google.com/document/d/ > 1Yp0NqosTJuO10vRGFrQxIsjAt40ZkJ4RmaxprJUTKCM/edit?usp=sharing Moved to https://public.etherpad-mozilla.org/p/sbgoogleplay so that it can be edited easily with history.
Reporter | ||
Updated•7 years ago
|
No longer blocks: safebrowsingv4
No longer depends on: 1276826
Reporter | ||
Updated•7 years ago
|
Whiteboard: #sbv4-m9
Reporter | ||
Comment 13•6 years ago
|
||
(In reply to François Marier [:francois] from comment #12) > Moved to https://public.etherpad-mozilla.org/p/sbgoogleplay so that it can > be edited easily with history. ...and copying to Bugzilla since Etherpad is getting axed: New preferences - browser.safebrowsing.provider.googleplay.enabled (boolean) - browser.safebrowsing.provider.googleplay.reportURL (string) Changes to BeginConnect(?) 1. If we are on Fennec (#ifdef) and browser.safebrowsing.provider.googleplay.enabled is true, then run the URL through the GooglePlaySafeBrowsingService. 1.1 [nalexander] GPSBS is implemented in Java, correct? So this is a JNI call? That means no xpcshell tests, and I expect to need some small labour to make the JNI wrapper generation work for such a conditional third-party library. 2. If that returned a hit, then exit immediately with the relevant error code (TODO) and set the provider to “googleplay” (for the warning pages). 3. Then call into the DBService as usual. GooglePlaySafeBrowsingService 1. Check whether or not the version of Google Play is recent enough. 2. Look at the value of browser.safebrowsing.malware.enabled and browser.safebrowsing.phishing.enabled and call the lookup API the the URL 2.1 [nalexander] In general, it's not trivial for Java code to inspect Gecko prefs. Life will be much easier if the invoking Gecko code provides or otherwise acts on the value of the prefs. (This might not be as true now as it once was, but in general pref reads are asynchronous on the Java side.) 3. Return the relevant error. Build option If building with Google Play support: - browser.safebrowsing.provider.googleplay.enabled = true - urlclassifier.malwareTable = “test-malware-simple,test-unwanted-simple” - urlclassifier.phishTable = “test-phish-simple” If building without Google Play support: - browser.safebrowsing.provider.googleplay.enabled = false - Leave urlclassifier.malwareTable and urlclassifier.phishTable set to their default (Desktop) values. - [nalexander] You'll need some dummy implementation of the GPSBS, since you won't be able to compile the Java at all if MOZ_NATIVE_DEVICES (which, paradoxically, controls GPS on the Java side) isn't defined. This isn't hard, it just needs to be done.
Comment 14•2 years ago
|
||
Fennec is EoS.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INCOMPLETE
You need to log in
before you can comment on or make changes to this bug.
Description
•