Closed Bug 1388659 Opened 7 years ago Closed 2 years ago

Permission request for audio and camera on Aliexpress.com

Categories

(Core :: WebRTC: Audio/Video, defect, P4)

Product:
Core
Component:
WebRTC: Audio/Video
Platform:
ARM
Android
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME
Tracking Flags:
Tracking Status
fennec + ---
firefox55 --- affected
firefox56 --- affected
firefox57 --- affected

People

(Reporter: ohorvath, Unassigned)

Details

Device:  (Android );
LG Nexus 5 (Android 6.0.1)
Motorola Nexus 6 (Android 7.0)

Build: Nightly 57.0a1 (2017-08-08);

Steps to reproduce:
1. Have a clean profile and all browser permissions turned off in device settings. 
2. Go to aliexpress.com
3. Wait for the permission dialogs to appear.

Expected result:
On aliexpress, the audio and camera access permissions should not be requested when there is no action that requires them.

Actual result:
The site asks for video and audio recording access as soon as you open the page.
Evidently aliexpress is probing for these features when you load the page, which causes us to show these prompts. Mike, can you guys figure out what they're trying to do here?
Flags: needinfo?(miket)
I'll try to find time to fix this.
Assignee: nobody → cnevinchen
tracking-fennec: ? → +
Priority: -- → P2
Turns out the prompt is from WebRTC. https://m.aliexpress.com/ ask for camera permission maybe for online shopping assistance.
http://searchfox.org/mozilla-central/source/mobile/android/chrome/content/WebrtcUI.js#33


I don't have the knowledge to fix this so unassigned myself. I don't the action items either. Isn't this the epected behavior? I've used Chrome Android and they showed nothing about the permission. But if you use desktop Chrome and Firefox we do show the alert.
Assignee: cnevinchen → nobody
Priority: P2 → P3
Munro,
Any ideas?
Flags: needinfo?(mchiang)
They probably uses enumerateDevices api[1] to probe the audio / video devices for some reason.

[1] https://developer.mozilla.org/en-US/docs/Web/API/MediaDevices/enumerateDevices.
Component: General → WebRTC: Audio/Video
Flags: needinfo?(mchiang)
Product: Firefox for Android → Core
https://aeis.alicdn.com/security/umscript/3.3.9/um.js

erd: function () {
var e = i.defer();
  return S.mediaDevices && S.mediaDevices.enumerateDevices ? navigator.mediaDevices.enumerateDevices().then(function (t) {
    var n = t.map(function (e) {
      return e.deviceId
    });
    e.resolve(n.join(','))
    }, function () {e.reject()})  
: e.reject(), e}
}


(this whole script is weird... looks like it's just collecting fingerprinting data: installed fonts, plugins, deviceIDs, font metrics...)

I wonder why Chrome Mobile doesn't show the prompt though, is that expected?
Flags: needinfo?(miket)
Mass change P3->P4 to align with new Mozilla triage process.
Priority: P3 → P4
Severity: normal → S3
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.