Security Review for Web Intents
Still chasing appropriate bug for this.
Duplicate of this bug: 751183
Assignee: nobody → dveditz
Status: NEW → ASSIGNED
Possibly limited set of activities for milestone 3
Priority: -- → P1
Brain dump of a list of threats:

1. Handle an activity that provides access to sensitive information
   - Mitigation: only certified (trusted and from carrier) apps can register for certain types
     TODO: what types? sms, dialing,
2. Handle an activity, and deliberately return malicious/malformed/empty data (e.g. pretend to be the Contact app and PICK the wrong number for a contact)
   - Mitigation: Apps should treat all data as untrusted input
   - Mitigation: An app that returns broken or no data should not be chosen in the future by the user
3. Start an activity with a malicious payload (e.g. SMS to expensive number, SHARE exe instead of a photo)
   - Mitigation: Apps fulfilling activities must validate the data provided
   - Mitigation: Handling of activity must allow for user review (e.g. for SMS, the user has a chance to clearly review where the SMS is going to be sent, and its contents)
4. Start an activity that is sensitive:
   - Mitigation: Ensure that ALL activities are safe to start (user should always have a chance to review the action before it is completed)
     (NB: in the gallery app case, should the LAUNCH camera be changed to PICK photo from camera since that is really what you are doing here?)
5. Too many apps are registered so the user can't see all the apps registered for an activity
   - Mitigation: provide a way to hide/remove an activity handler for a given app (or is the only option to remove the app entirely?)
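The mitigations for threats 1 to 3 above, sketched as an added example that is not part of this bug or of any Web Intents code. Every function and field name is hypothetical, the sample values are constructed, and the certified-only set only echoes the comment's open TODO.

```javascript
// Threat 1: activity names reserved for certified apps (assumed list, per the TODO).
const CERTIFIED_ONLY = new Set(["sms", "dial"]);

// Registry-side check run when an app declares an activity handler.
function mayRegister(app, activityName) {
  if (!CERTIFIED_ONLY.has(activityName)) return true;
  return app.certified === true;
}

// Shared helper: strip common separators, accept only an optional "+" and 3-15 digits.
function normalizeNumber(value) {
  if (typeof value !== "string") return null;
  const digits = value.replace(/[\s().-]/g, "");
  return /^\+?[0-9]{3,15}$/.test(digits) ? digits : null;
}

// Threat 2: caller-side validation of a PICK result from an untrusted handler.
// Returns a cleaned { name, tel } or null when the reply is malformed or empty.
function validatePickedContact(result) {
  if (result === null || typeof result !== "object") return null;
  const tel = normalizeNumber(result.tel);
  if (tel === null || typeof result.name !== "string") return null;
  // Drop control and bidi-override characters so the name cannot disguise itself in UI.
  const name = result.name.replace(/[\u0000-\u001f\u007f\u202a-\u202e]/g, "");
  if (name.length === 0 || name.length > 200) return null;
  return { name, tel };
}

// Threat 3: handler-side validation of an SMS start request.
// Nothing is sent here; the returned object is what the user must review and confirm.
function reviewSmsRequest(payload) {
  if (payload === null || typeof payload !== "object") return null;
  const to = normalizeNumber(payload.number);
  if (to === null || typeof payload.body !== "string") return null;
  if (payload.body.length > 1600) return null; // arbitrary cap for the example
  return { to, body: payload.body, requiresUserConfirmation: true };
}
```

Format checks cannot catch a well-formed but wrong number (the second half of threat 2), which is why the list pairs them with user review.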
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [secreview complete][start mm/dd/yyyy][target mm/dd/yyyy]
Review is done, marking resolved fixed. We still have a blocking bug for this bug before we can go confirmed fixed.
Status: ASSIGNED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED