Closed Bug 789296 Opened 12 years ago Closed 12 years ago

[Security Review] Campaign management / product announcements for Firefox for Android

Categories

(mozilla.org :: Security Assurance: Review Request, task, P1)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Platform:
ARM
Android
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: smott, Assigned: mgoodwin)

References

(
URL
)

Details

(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][snippets]) 

This request for a security review for the Firefox for Android feature Cloud To Device Messaging (see bug 774497).  

Background: The purpose of Cloud to Device Messaging is to provide a communication method that allows marketing to send a message to GA users that have Firefox for Android installed, and allows a message to be sent regardless of whether or not the application is currently open.  

Full Feature Page: https://wiki.mozilla.org/Features/Fennec/Cloud_to_Device_Messaging

We are exploring the range of service options that we have to send messages to user's devices. The main candidate is Google Cloud Messaging.
1) Who is/are the point of contact(s) for this review?
2) Please provide a short description of the feature / application (e.g. problem solved, use cases, etc.):
3) Please provide links to additional information (e.g. feature page, wiki) if available and not yet included in feature description:
4) Does this request block another bug? If so, please indicate the bug number
5) This review will be scheduled amongst other requested reviews. What is the urgency or needed completion date of this review?
6) To help prioritize this work request, does this project support a goal specifically listed on this quarter's goal list?  If so, which goal?
7) Please answer the following few questions: (Note: If you are asked to describe anything, 1-2 sentences shall suffice.)
7a) Does this feature or code change affect Firefox, Thunderbird or any product or service the Mozilla ships to end users?
7b) Are there any portions of the project that interact with 3rd party services?
7c) Will your application/service collect user data? If so, please describe
8) If you feel something is missing here or you would like to provide other kind of feedback, feel free to do so here (no limits on size):
9) Desired Date of review (if known from https://mail.mozilla.com/home/ckoenig@mozilla.com/Security%20Review.html) and whom to invite.
Whiteboard: [pending secreview][needs info]
Feature page:

https://wiki.mozilla.org/Features/Fennec/Android_Snippets

More answers should be showing up at the start of Q4.
Whiteboard: [pending secreview][needs info] → [pending secreview][needs info][snippets]
What's the status on this?  What is the target/approximate date we should have the security review?
Summary: [Security Review] Cloud-to-Device Messaging for Firefox for Android → [Security Review] Campaign management / product announcements for Firefox for Android
(In reply to Tanvi Vyas from comment #3)
> What's the status on this?  What is the target/approximate date we should
> have the security review?

The stub UX for this just landed in inbound as part of Bug 793056. This is quite literally just a checkbox that writes a boolean pref, so I wanted to get that string in for l10n before finishing the rest of the feature.

The server side work is being tracked in Bug 793936, and client-side work in Bug 793053 and Bug 793056. Both are progressing.

The spec is complete and ready for analysis:

  https://wiki.mozilla.org/User:Mconnor/Current/Snippets_Service

The sooner the better on that, because we are aiming to ship this with Fx18.
Depends on: 793056, 793053, 793936
Depends on: 799834
Whiteboard: [pending secreview][needs info][snippets] → [pending secreview][triage needed][snippets]
Assignee: nobody → mgoodwin
Whiteboard: [pending secreview][triage needed][snippets] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][snippets]
Tanvi, Curtis, mgoodwin: how does Wed 17th @ 1pm sound? (A free slot according to the calendar.)

Client code should be done with review cycle at that point, so it's a good time to do some thinking about the whole system (server still in development) and more detailed examination of the Android code before landing.
Changing this to resolved->fixed as the review as done (https://wiki.mozilla.org/Security/Reviews/Campaign_management)
:mgoodwin - do we need to do an impl review on the code here?
URL: https://wiki.mozilla.org/Security/Rev...
Status: NEW → RESOLVED
Closed: 12 years ago
Flags: needinfo?(mgoodwin)
Resolution: --- → FIXED
Changing this to resolved->fixed as the review as done (https://wiki.mozilla.org/Security/Reviews/Campaign_management)
:mgoodwin - do we need to do an impl review on the code here?
(In reply to Curtis Koenig [:curtisk] from comment #8)
> :mgoodwin - do we need to do an impl review on the code here?

I don't think we do.
Flags: needinfo?(mgoodwin)
You need to log in before you can comment on or make changes to this bug.