Closed
Bug 849630
Opened 11 years ago
Closed 3 years ago
Offer download prompt on start of download
Categories
(Firefox for Android Graveyard :: Download Manager, defect, P5)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: aaronmt, Unassigned, NeedInfo)
References
Details
Attachments
(2 files)
488.08 KB,
image/png
|
Details | |
3.77 KB,
patch
|
sebastian
:
feedback+
|
Details | Diff | Splinter Review |
Accidentally initiated a large download over a cellular connection and did not realize until a third through the download that I wasn't on Wi-Fi. It would be nice if Firefox prompted via popup or door-hanger the download file size (MB) and offered an Ok/Cancel to start the download very much akin to desktop - bonus if if recognizes a cellular data connection and warns appropriately.
Comment 1•11 years ago
|
||
It seems strange to me that this doesn't exist. I regularly follow links from the Twitter app (which doesn't show the full url for some daft reason) and Firefox will start a download without asking. I'm not entirely sure how Android is structured, but this looks like a security risk.
Reporter | ||
Comment 2•11 years ago
|
||
Agreed. This bug is open to anyone interested in writing a patch and maybe potential for it to be a mentored good first bug for anyone.
Comment 3•11 years ago
|
||
We do offer a notification prompt. Offering another prompt on top of it seems like it would get annoying. I think I would rather we made our download system aware of the connection type and your Android connection preferences. i.e. You can tell Android not to download large things over a cell network, and we should honor that.
Comment 4•11 years ago
|
||
(In reply to Wesley Johnston (:wesj) from comment #3) > We do offer a notification prompt. Offering another prompt on top of it > seems like it would get annoying. Is it a feature in the beta? I use the release build, and have never been prompted - nor can I find any settings for it. But yes, multiple prompts would be unnecessary.
Comment 5•10 years ago
|
||
(In reply to Wesley Johnston (:wesj) from comment #3) > We do offer a notification prompt. Offering another prompt on top of it > seems like it would get annoying. The notification isn't exactly a "prompt" -- it's something that's displayed while the download happens. The download itself gets saved automatically, without any user interaction. (Compare this to desktop Firefox, where the download won't get saved unless you explicitly press a "Save File" button.) This MozillaZine thread points out that this makes it easy to waste bandwidth and power on pages that start "drive-by" downloads: http://forums.mozillazine.org/viewtopic.php?f=47&t=2790365
Reporter | ||
Comment 6•10 years ago
|
||
Google Chrome dialog
Comment 7•10 years ago
|
||
(In reply to Aaron Train [:aaronmt] from comment #6) > Created attachment 8357940 [details] > chrome-dialog > > Google Chrome dialog Only for APKs?
Comment 8•10 years ago
|
||
(In reply to Matt Brubeck (:mbrubeck) from comment #5) > The notification isn't exactly a "prompt" -- it's something that's displayed > while the download happens. The download itself gets saved automatically, > without any user interaction. (Compare this to desktop Firefox, where the > download won't get saved unless you explicitly press a "Save File" button.) That's not exactly true. Desktop starts the download instantly and starts saving the file for you before you hit the save button. Clicking "Cancel" will end the download and trash the temp file.
Reporter | ||
Comment 9•10 years ago
|
||
(In reply to Mark Finkle (:mfinkle) from comment #7) > (In reply to Aaron Train [:aaronmt] from comment #6) > > Created attachment 8357940 [details] > > chrome-dialog > > > > Google Chrome dialog > > Only for APKs? Looks like it
Reporter | ||
Updated•9 years ago
|
Severity: enhancement → normal
Comment 11•9 years ago
|
||
There are sites so eager to promote their apps by simply forcing browser to download their app installer on every web page. This is especially annoying when you are on cellular data and all of a sudden the download starts automatically. Also, please see this [http://www.androidpolice.com/2013/09/11/security-firefox-for-android-can-be-tricked-into-automatically-downloading-and-executing-malicious-code/] where the downloaded apk got opened immediately the download finished. There are many people out there who have to choose to allow installation of apps from untrusted sources so this seems to me a very serious security risk.
Comment 12•9 years ago
|
||
I think there's a nice security/privacy/transparency connection to tracking protection and safe browsing. gcp: has this kind of feature ever been considered as part of safe browsing?
Flags: needinfo?(gpascutto)
Comment 13•9 years ago
|
||
Maybe something to take up with Google's team and see if we'd want to consider these "Unwanted Software".
Flags: needinfo?(gpascutto) → needinfo?(francois)
Comment 14•9 years ago
|
||
Yes, it does seem like something that should be in scope for unwanted software if it's not already. What's the exact mechanism they use to trigger these automatic downloads? Do we have an example of a site that does it?
Flags: needinfo?(francois)
Comment 15•9 years ago
|
||
(In reply to François Marier [:francois] from comment #14) > Yes, it does seem like something that should be in scope for unwanted > software if it's not already. > > What's the exact mechanism they use to trigger these automatic downloads? Do > we have an example of a site that does it? They simply put a "window.location.href = <download_link>" in the js file. For instance, visit http://www.zybang.com/question/1ef2ec484ecb2a6acfd8b411e111e37b.html with keyword "Android" in your useragent(to trigger the download of apk). Its an online question-and-answer site where every question page forces a "drive-by" download if an Android device is detected. It's not really unwanted software because the app does not do anything annoying itself. What's really annoying is their way of promoting their app. They really shouldn't force every visitor to download their product. So I suppose the user have the right to make a choice: download if I am interested in the app or cancel if not.
Comment 16•9 years ago
|
||
(In reply to dbw9580 from comment #15) > It's not really unwanted software because the app does not do anything > annoying itself. https://www.google.com/about/company/unwanted-software-policy.html * Download of the software should only begin when the user has consented to the download by clicking on a clearly-labelled download button. That said AFAIK there isn't even a way to report things not in the list to Google. So even if we'd block this via SafeBrowsing I'm not sure that's the solution we want to rely on.
Comment hidden (advocacy) |
Updated•8 years ago
|
Priority: -- → P2
Comment 18•8 years ago
|
||
The patch that China uses is here: https://github.com/MozillaOnline/gecko-dev/commit/53909706fc709ef3a3f3abae0728fd8670ad4b78
Comment 19•7 years ago
|
||
does anyone have any thought as to what the threshold should be for a large download? Or do we want to ask on every download?
Comment 20•7 years ago
|
||
Here's the patch from the China team. It adds the dialog for every download (which I'm not sure is right). Adding yet another pref to enable/disable this dialog seems like overkill. I think we should pick a threshhold, and check it via aLauncher.contentLength and only show the dialog in that case.
Attachment #8863375 -
Flags: feedback?(s.kaspari)
Comment 21•7 years ago
|
||
What do we do when the content length is unknown or the server is slow to reply?
Comment 22•7 years ago
|
||
> What do we do when the content length is unknown or the server is slow to reply?
Yeah, I was wondering that too. I personally think we show the dialog. Err on the side of making sure they want the download.
I've looked at other browsers and no one really does this stuff consistently. Some have really nice UIs where they confirm every download and even allow you to change the name. Others do nothing.
So there's no lead to follow here, we can just do what we think is best for the user.
Comment 23•7 years ago
|
||
Comment on attachment 8863375 [details] [diff] [review] Patch from China Team Review of attachment 8863375 [details] [diff] [review]: ----------------------------------------------------------------- Technically this is okay. But yeah, let's involve UX/Product. ::: mobile/android/components/HelperAppDialog.js @@ +140,5 @@ > + let bundle = Services.strings.createBundle("chrome://browser/locale/browser.properties"); > + let url = aLauncher.source.specIgnoringRef.split("/"); > + new Prompt({ > + title: bundle.GetStringFromName("helperapps.saveToDisk"), > + message: bundle.formatStringFromName("helperapps.downloadPermission", [decodeURIComponent(url[url.length - 1])], 1), The last path segment and the actual filename do not necessarily need to match. So this could be misleading, maybe even used to trick the user into downloading (and then opening) something else? But then again we currently just download everything.
Attachment #8863375 -
Flags: feedback?(s.kaspari) → feedback+
Comment 24•7 years ago
|
||
> Technically this is okay. But yeah, let's involve UX/Product.
What's the best way to do that?
Comment 26•7 years ago
|
||
Looks like this isn't a P1 right now so I'm going to NI Product to prioritize this.
Flags: needinfo?(alam) → needinfo?(jcheng)
Comment 27•7 years ago
|
||
The patch is already done. It's just a question of UI review.
Comment 28•6 years ago
|
||
Can't believe downloading prompt exists in desktop Firefox but not in mobile version. The mobile browser is more prone to receive unintended clicks, and data connection costs money! Please add this feature ASAP. Since there's "show images" setting under "data saver" section, I think it's not hard to add a "download apk" setting too. Further, add a "download large file over 1MB" is great.
Comment 29•6 years ago
|
||
It got me mad! Every time I open http://gu.sina.cn/fx/hq/quotes.php?code=usdcny&from=wap it triggers 2 download of an apk file, and now there's bunch of x.apk, x(1).apk, x(2).apk files in the download! Is this another bug? Firfox should know that file has been downloaded and do not waste data cost again and again!
Comment hidden (advocacy) |
Comment 31•6 years ago
|
||
(In reply to Mike Kaply [:mkaply] from comment #20) > Created attachment 8863375 [details] [diff] [review] > Patch from China Team > > Here's the patch from the China team. It adds the dialog for every download > (which I'm not sure is right). > > Adding yet another pref to enable/disable this dialog seems like overkill. > > I think we should pick a threshhold, and check it via > aLauncher.contentLength and only show the dialog in that case. There is no threshod for an unwanted file. why not show the file size and file name to user and let the user choose?
Comment 32•6 years ago
|
||
We have a patch, we just need UX here. Can we get someone to take a look? Joe?
Comment 33•6 years ago
|
||
Tired to wait for the patch. I wrote an addon to implement this feature: https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/
Comment 34•6 years ago
|
||
(In reply to StrongOp from comment #33) > Tired to wait for the patch. > I wrote an addon to implement this feature: > > https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/ You are awesome! It's the add-ons that make Mozilla great!
Comment 35•6 years ago
|
||
(In reply to StrongOp from comment #33) > Tired to wait for the patch. > I wrote an addon to implement this feature: > > https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/ This is awesome! Thanks so much for doing this, I will try to direct folks to this ticket and to your extension. Many thanks!
Comment 36•6 years ago
|
||
Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195 Needinfo :susheel if you think this bug should be re-triaged.
Priority: P2 → P5
Comment 37•3 years ago
|
||
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Updated•3 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•