Sync Ping doesn't hash/obfuscate deviceID and UID properties

RESOLVED FIXED

Status

()

P1
blocker
RESOLVED FIXED
2 years ago
a year ago

People

(Reporter: sleroux, Assigned: sleroux)

Tracking

unspecified
Other
iOS

Firefox Tracking Flags

(fxios8.0+, fxios-v8.0 fixed, fxios-v9.0 fixed)

Details

(Whiteboard: [MobileCore])

Attachments

(1 attachment)

(Assignee)

Description

2 years ago
Currently we're sending the raw deviceID and FxA UID in our sync pings. According to the sync ping document these should be sending SHA 256 hashed versions of these. The 'uid' property should be the 'hashed_fxa_uid' we receive from the token server (not documented) and the 'deviceID' property should be the sha256(raw device id + hashed_fxa_uid).
(Assignee)

Updated

2 years ago
Assignee: nobody → sleroux
Status: NEW → ASSIGNED
(Assignee)

Updated

2 years ago
Iteration: --- → 1.21
Whiteboard: [MobileCore]
(Assignee)

Comment 1

2 years ago
Created attachment 8867211 [details]
Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2722#attch-to-bugzilla
Attachment #8867211 - Flags: review?(gkruglov)
(Assignee)

Comment 2

a year ago
master df12991b0902e6f7b3c7b56d627cee6aee54e7a9
v8.x f758fe8
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
status-fxios-v8.0: --- → fixed
status-fxios-v9.0: --- → fixed
Resolution: --- → FIXED
Iteration: 1.21 → 1.22

Comment 3

a year ago
Comment on attachment 8867211 [details]
Link to Github pull-request: https://github.com/mozilla-mobile/firefox-ios/pull/2722#attch-to-bugzilla

Slack-reviewed (got locked out of GH :/) couple of days ago.
Attachment #8867211 - Flags: review?(gkruglov) → review+
You need to log in before you can comment on or make changes to this bug.