The new native front end for Firefox for Android will write history and bookmarks to the Android system history and bookmark storage. This will allow 3rd-party grayware that requests the permission to read the system browsing history and bookmark storage to read that data. There might be other Android permissions that allow 3rd-party apps read private data written by Firefox. Please add documentation that explains which Android permissions are risky to grant to 3rd-party apps in the sense that granting those permissions allows 3rd-party apps read private data stored by Firefox.
Hey Henri, we don't track articles in Bugzilla anymore, plesae repost in the KB Article forum here: https://support.mozilla.com/en-US/forums/knowledge-base-articles CC'ing Michael just in case.
Hi, Thanks very much for filing this bug. We have an article about the permissions that Firefox mobile uses today. And I think this new content you're requesting is generally for the same audience and addresses similar concerns. See https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests I've added a 'change needed' to the above article that points to this bug, so we can work together on adding information about the native UI issue. I'm also adding mbrubeck to this bug, since he authored the permissions article above, to see if he agrees that we should add it to the existing article or create a new article instead.
I agree that the current Android permissions article is a good place to add this documentation. Any app with READ_HISTORY_BOOKMARKS permission ("read Browser's history and bookmarks") can read the bookmarks and history database that is used by both Firefox and the default Android browser. And any app with WRITE_HISTORY_BOOKMARKS ("write Browser's history and bookmarks") can add, change, or remove entries in the history and bookmark database.
As stated, we don't track article request in Bugzilla. Post a new thread in https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests/discuss