Closed Bug 704768 Opened 13 years ago Closed 11 years ago

Document what Android permissions allow 3rd-party apps read private data stored by Firefox

Categories

(support.mozilla.org :: Knowledge Base Articles, task)

Product:
support.mozilla.org
Component:
Knowledge Base Articles
Platform:
All
Android
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: hsivonen, Unassigned)

Details

The new native front end for Firefox for Android will write history and bookmarks to the Android system history and bookmark storage. This will allow 3rd-party grayware that requests the permission to read the system browsing history and bookmark storage to read that data. There might be other Android permissions that allow 3rd-party apps read private data written by Firefox.

Please add documentation that explains which Android permissions are risky to grant to 3rd-party apps in the sense that granting those permissions allows 3rd-party apps read private data stored by Firefox.
Hey Henri, we don't track articles in Bugzilla anymore, plesae repost in the KB Article forum here: https://support.mozilla.com/en-US/forums/knowledge-base-articles

CC'ing Michael just in case.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Hi,

Thanks very much for filing this bug.

We have an article about the permissions that Firefox mobile uses today. And I think this new content you're requesting is generally for the same audience and addresses similar concerns. See https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests

I've added a 'change needed' to the above article that points to this bug, so we can work together on adding information about the native UI issue. I'm also adding mbrubeck to this bug, since he authored the permissions article above, to see if he agrees that we should add it to the existing article or create a new article instead.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
I agree that the current Android permissions article is a good place to add this documentation.

Any app with READ_HISTORY_BOOKMARKS permission ("read Browser's history and bookmarks") can read the bookmarks and history database that is used by both Firefox and the default Android browser.  And any app with WRITE_HISTORY_BOOKMARKS ("write Browser's history and bookmarks") can add, change, or remove entries in the history and bookmark database.
As stated, we don't track article request in Bugzilla.
Post a new thread in https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests/discuss
Status: REOPENED → RESOLVED
Closed: 13 years ago11 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.