Closed Bug 1599834 Opened 5 years ago Closed 5 years ago

Request a security review of Glean-iOS custom URL handling.

Categories

(Data Platform and Tools :: Glean: SDK, task, P1)

Product:
Data Platform and Tools
Component:
Glean: SDK
Platform:
Unspecified
iOS
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: travis_, Assigned: travis_)

References

Details

(Whiteboard: [telemetry:glean-rs:m12])

Glean is shipped with the capability to handle custom URL schemes for iOS in the release version of the library to help with QA and problem diagnosis. This mean that other applications could manually start this activity and this might be a potential security problem.

This bug is for discussing any potential issue with this feature and, if required, take the appropriate actions to mitigate risks.

This functionality is identical to the functionality that was reviewed in Bug 1532926, but due to platform differences, the implementation is entirely different, which is why we considered it good practice to request security review again.

Assignee: nobody → tlong
Priority: P3 → P1
Whiteboard: [telemetry:glean-rs:m?] → [telemetry:glean-rs:m14]

Linking to the filled Security Review Request Form

Summary: Perform a security review of Glean-iOS custom URL handling. → Request a security review of Glean-iOS custom URL handling.

Email to secreview@mozilla.com sent

Whiteboard: [telemetry:glean-rs:m14] → [telemetry:glean-rs:m12]

I noticed I failed to add a link to secreview request form in the bug:
https://docs.google.com/document/d/1pNqWi50zQfdG5HAw0lA7rJIRYmLD_qYq2SUTXnk3-WQ/edit

Updated doc from security:
https://docs.google.com/document/d/1AST_TqCuqM-e3ydut7oEtt-EY-NoF-cq1KPxLD8RWEg/edit#

Closing as fixed with secreview+

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.