Closed Bug 719238 Opened 14 years ago Closed 11 years ago

Detect sensitive APIs used in apps

Categories

(addons.mozilla.org Graveyard :: Add-on Builder, defect, P2)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: clouserw, Unassigned)

Details

(Whiteboard: [needs spec])

This bug is for detecting the use of sensitive/privileged APIs in app manifests. We can start with the geolocation API.

This bug is a placeholder for now as:
1) We don't have the complete list of sensitive APIs
2) We don't have documentation for how to detect the sensitive APIs

mhanson and dchan are proposing something this week and the feedback for that should be done elsewhere but I wanted this bug filed. :)
Assignee: mattbasta → fligtar
Priority: P1 → P3
Should Justin be owning this bug? What is the status?
Blocks: 752013
No longer blocks: 710074
Priority: P3 → P2
No longer blocks: 752013
Assignee: fligtar → nobody
Is this bug still on the roadmap? This bug doesn't seem to apply for v1 since only Mozilla will create certified apps and only certified apps get interesting permissions.
(In reply to David Chan [:dchan] from comment #2)
> This bug doesn't seem to apply for v1 since only Mozilla will create
> certified apps and only certified apps get interesting permissions.

That's not true, at least hopefully. There are a number of "requires permission" APIs available to privileged 3rd party apps. There's an additional number of APIs only available to certified apps. In the interest of developers, the former should be the rule, unless we have a very very good reason to require certification for APIs (such as the dialer API).
From http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsInstaller.jsm

The list of ALLOW permissions for privileged apps is
["resource-lock", "alarms", "tcp-socket", "browser", "fmradio", "systemXHR"]

and PROMPT permissions is
["geolocation", "camera", "contacts", "device-storage:apps", "device-storage:pictures", "device-storage:videos", "device-storage:music", "device-storage:sdcard", "wifi"]

I thought the set was smaller, but you're right :wenzel.

From the above list, the most concerning to me are the tcp-socket and systemXHR permissions since they allow data exfiltration. The other permissions may or may not be dangerous in the absence of tcp-socket / systemXHR. The PROMPT permissions provide a way for an app to retrieve user data, but that may not be useful without a way to get the data off the device.
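An added example, not part of the comment above or of Mozilla's code: a manifest check built on the two permission lists quoted there, flagging requests that pair a PROMPT permission with tcp-socket or systemXHR. It assumes the manifest is JSON with a top-level "permissions" object keyed by permission name; the function name, report keys and sample manifest are constructed.

```python
import json

# Permission lists quoted in the comment above (privileged apps).
ALLOW = {"resource-lock", "alarms", "tcp-socket", "browser", "fmradio", "systemXHR"}
PROMPT = {"geolocation", "camera", "contacts", "device-storage:apps",
          "device-storage:pictures", "device-storage:videos",
          "device-storage:music", "device-storage:sdcard", "wifi"}
# Singled out in the comment as the data exfiltration channels.
NETWORK = {"tcp-socket", "systemXHR"}


def review_manifest(text):
    # Assumption: the manifest is JSON with a top-level "permissions"
    # object keyed by permission name.
    try:
        manifest = json.loads(text)
    except ValueError as exc:
        return {"error": "manifest is not valid JSON: %s" % exc}
    perms = manifest.get("permissions", {}) if isinstance(manifest, dict) else None
    if not isinstance(perms, dict):
        return {"error": 'manifest or its "permissions" is not an object'}
    requested = set(perms)
    report = {
        "allow": sorted(requested & ALLOW),
        "prompt": sorted(requested & PROMPT),
        "unlisted": sorted(requested - ALLOW - PROMPT),
        "network": sorted(requested & NETWORK),
    }
    # User-data access together with an off-device channel is the
    # combination the comment treats as most concerning.
    report["data_with_network"] = bool(report["prompt"] and report["network"])
    return report


# Constructed sample manifest, not taken from a real app.
SAMPLE = """{
  "name": "Example App",
  "permissions": {
    "contacts": {"description": "Pick a contact"},
    "systemXHR": {"description": "Sync with a server"},
    "alarms": {"description": "Reminders"},
    "example-unlisted": {"description": "Not in either list"}
  }
}"""

if __name__ == "__main__":
    print(json.dumps(review_manifest(SAMPLE), indent=2))
```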
The builder project has been discontinued as of April 1st, 2014.

The announcement last year: https://blog.mozilla.org/addons/2013/12/18/add-on-builder/

Next steps (still being written): https://developer.mozilla.org/en-US/Add-ons/SDK/Builder
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → WONTFIX
Product: addons.mozilla.org → addons.mozilla.org Graveyard