Fennec 9.0b1 now asking for extra "read sensitive log data" permission

VERIFIED FIXED in Firefox 11

Status

Fennec Graveyard
General
VERIFIED FIXED
6 years ago
3 years ago

People

(Reporter: joduinn, Assigned: blassey)

Tracking

Firefox 9
Firefox 11
Other
Android
Dependency tree / graph

Details

Attachments

(2 attachments)

This permission is new in 9.0beta1.

In release notes / whats new, I couldnt find any explaination of why this was added. So far, in a quick non-scientific scan of comments in marketplace, I found 3 people in last 2 days who gave Firefox 9.0b1 a 1star rating because of privacy concerns with the new permission.

If this permission is needed, can we better explain it someplace users can easily find the details? Of course, if we dont actually need it, we should remove it.
fyi: I also checked and found no mention in https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests.


cc-ing mfinkle, legneato in case this needs triaging before 9.0b2.
in bug#672352, I found: "Your personal information: Read sensitive log data" was added in Firefox 9 because it is required by the Adobe Flash plugin (bug 630007).
Summary: Fennec 9.0b1 now asking for extra "read snsitive log data" permission → Fennec 9.0b1 now asking for extra "read sensitive log data" permission
this was added when NPAPI support was landed:
https://hg.mozilla.org/mozilla-central/diff/09dc9b406bd6/embedding/android/AndroidManifest.xml.in

the confusing thing for me, is the permission is not requested in the droid_plugins branch:
https://hg.mozilla.org/users/blassey_mozilla.com/droid-plugins/annotate/b12d4e6cdfcc/embedding/android/AndroidManifest.xml.in

Doug, any idea why this (and the other 5 permission requests) were added?
Also, according to this search:
https://www.google.com/search?q=READ_LOGS+site%3Ahttp%3A%2F%2Fdeveloper.android.com%2Freference%2Fandroid%2F

the only reason to request this is to use ACTION_DROPBOX_ENTRY_ADDED
http://developer.android.com/reference/android/os/DropBoxManager.html#ACTION_DROPBOX_ENTRY_ADDED

and according to this mxr search we're not using that:
http://mxr.mozilla.org/mozilla-central/search?string=ACTION_DROPBOX_ENTRY_ADDED&filter=[Aa]CTION_DROPBOX_ENTRY_ADDED
per today's planning meeting:

1) unclear if we do actually need this permission in beta - if not, can we do anything before 9.0beta2?

2) if it turns out we do need this permission, we need to add this to the 9.0beta release notes.
I removed READ_LOGS, WAKE_LOCK, ACCESS_WIFI_STATE, and CHANGE_NETWORK_STATE from the manifest locally and don't seem to be having any issues with flash
The permissions added by the Flash patches are documented in the latest revision of https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests#os=android&browser=m9
Blocks: 630007
tracking-fennec: --- → ?
status-firefox10: --- → affected
status-firefox11: --- → affected
status-firefox9: --- → affected
tracking-firefox9: --- → ?
Depends on: 672352

Comment 8

6 years ago
When implementing flash on Android, we saw lots of failures for not having the right permission.  I'd add one, then try a few more sites.  At about 3 or 4 new failures, I just gave up (knowing that I could never catch every failure) and copied what Opera had (yes, they did it first).

It would be good to get the exact list of required permissions from Adobe.  It might also be fine with removing everything we can and have people report the failures.
Created attachment 575015 [details] [diff] [review]
patch

yea, let's go with that.
Assignee: nobody → blassey.bugs
Attachment #575015 - Flags: review?(doug.turner)

Updated

6 years ago
Attachment #575015 - Flags: review?(doug.turner) → review+
https://hg.mozilla.org/projects/birch/rev/4aa196ded1b0
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ccba9e140f2 and https://hg.mozilla.org/projects/birch/rev/4aa196ded1b0
(Assignee)

Updated

6 years ago
Attachment #575015 - Flags: approval-mozilla-beta?
Attachment #575015 - Flags: approval-mozilla-aurora?
Depends on: 703661
Created attachment 575511 [details] [diff] [review]
add WAKE_LOCK back

We have seen permission failures in birch due to the missing WAKE_LOCK permission check. This patch adds it back.
Attachment #575511 - Flags: review?(blassey.bugs)
The logcat for WAKE_LOCK

W/System.err( 3318): java.lang.SecurityException: Neither user 10067 nor current process has android.permission.WAKE_LOCK.
W/System.err( 3318):    at android.os.Parcel.readException(Parcel.java:1322)
W/System.err( 3318):    at android.os.Parcel.readException(Parcel.java:1276)
W/System.err( 3318):    at android.os.IPowerManager$Stub$Proxy.acquireWakeLock(IPowerManager.java:277)
W/System.err( 3318):    at android.os.PowerManager$WakeLock.acquire(PowerManager.java:253)
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.nativeRun(Native Method)
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:447)
W/System.err( 3318):    at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:115)
Comment on attachment 575511 [details] [diff] [review]
add WAKE_LOCK back

make sure to put a comment in the push saying why we need this
Attachment #575511 - Flags: review?(blassey.bugs) → review+
https://hg.mozilla.org/projects/birch/rev/0695a3352ef8
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
If this patch lands in Aurora and Beta, it should *not* remove the WAKE_LOCK permission (bug 703661).
https://hg.mozilla.org/mozilla-central/rev/2ccba9e140f2
Target Milestone: --- → Firefox 11

Comment 18

6 years ago
Comment on attachment 575015 [details] [diff] [review]
patch

[triage comment]
Please land this on aurora and beta asap.
Attachment #575015 - Flags: approval-mozilla-beta?
Attachment #575015 - Flags: approval-mozilla-beta+
Attachment #575015 - Flags: approval-mozilla-aurora?
Attachment #575015 - Flags: approval-mozilla-aurora+
pushed https://hg.mozilla.org/releases/mozilla-beta/rev/c2e999705076 and https://hg.mozilla.org/releases/mozilla-aurora/rev/0b241bbfe57d
status-firefox10: affected → fixed
status-firefox11: affected → fixed
status-firefox9: affected → fixed

Updated

6 years ago
tracking-firefox9: ? → -
Verified fixed on:
Mozilla/5.0 (Android;Linux armv7l;rv:10.0)Gecko/20111228
Firefox/10.0 Fennec/10.0
Devices: Samsung Galaxy S
OS: Android 2.2
Status: RESOLVED → VERIFIED
tracking-fennec: ? → ---
You need to log in before you can comment on or make changes to this bug.