Closed Bug 849630 Opened 11 years ago Closed 3 years ago

Offer download prompt on start of download

Categories

(Firefox for Android Graveyard :: Download Manager, defect, P5)

Product:
Firefox for Android Graveyard
Component:
Download Manager
Platform:
ARM
Android
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: aaronmt, Unassigned, NeedInfo)

References

Details

Attachments

(2 files)

chrome-dialog
488.08 KB, image/png
Details
Patch from China Team
3.77 KB, patch
sebastian
: feedback+
Details | Diff | Splinter Review 
Accidentally initiated a large download over a cellular connection and did not realize until a third through the download that I wasn't on Wi-Fi. It would be nice if Firefox prompted via popup or door-hanger the download file size (MB) and offered an Ok/Cancel to start the download very much akin to desktop - bonus if if recognizes a cellular data connection and warns appropriately.
It seems strange to me that this doesn't exist. I regularly follow links from the Twitter app (which doesn't show the full url for some daft reason) and Firefox will start a download without asking. I'm not entirely sure how Android is structured, but this looks like a security risk.
Agreed. This bug is open to anyone interested in writing a patch and maybe potential for it to be a mentored good first bug for anyone.
We do offer a notification prompt. Offering another prompt on top of it seems like it would get annoying.

I think I would rather we made our download system aware of the connection type and your Android connection preferences. i.e. You can tell Android not to download large things over a cell network, and we should honor that.
(In reply to Wesley Johnston (:wesj) from comment #3)
> We do offer a notification prompt. Offering another prompt on top of it
> seems like it would get annoying.


Is it a feature in the beta? I use the release build, and have never been prompted - nor can I find any settings for it. But yes, multiple prompts would be unnecessary.
(In reply to Wesley Johnston (:wesj) from comment #3)
> We do offer a notification prompt. Offering another prompt on top of it
> seems like it would get annoying.

The notification isn't exactly a "prompt" -- it's something that's displayed while the download happens.  The download itself gets saved automatically, without any user interaction.  (Compare this to desktop Firefox, where the download won't get saved unless you explicitly press a "Save File" button.)

This MozillaZine thread points out that this makes it easy to waste bandwidth and power on pages that start "drive-by" downloads:
http://forums.mozillazine.org/viewtopic.php?f=47&t=2790365
Attached image chrome-dialog 
Google Chrome dialog
(In reply to Aaron Train [:aaronmt] from comment #6)
> Created attachment 8357940 [details]
> chrome-dialog
> 
> Google Chrome dialog

Only for APKs?
(In reply to Matt Brubeck (:mbrubeck) from comment #5)
> The notification isn't exactly a "prompt" -- it's something that's displayed
> while the download happens.  The download itself gets saved automatically,
> without any user interaction.  (Compare this to desktop Firefox, where the
> download won't get saved unless you explicitly press a "Save File" button.)

That's not exactly true. Desktop starts the download instantly and starts saving the file for you before you hit the save button. Clicking "Cancel" will end the download and trash the temp file.
(In reply to Mark Finkle (:mfinkle) from comment #7)
> (In reply to Aaron Train [:aaronmt] from comment #6)
> > Created attachment 8357940 [details]
> > chrome-dialog
> > 
> > Google Chrome dialog
> 
> Only for APKs?

Looks like it
Blocks: 1093113
Severity: enhancement → normal
There are sites so eager to promote their apps by simply forcing browser to download their app installer on every web page. This is especially annoying when you are on cellular data and all of a sudden the download starts automatically.
Also, please see this [http://www.androidpolice.com/2013/09/11/security-firefox-for-android-can-be-tricked-into-automatically-downloading-and-executing-malicious-code/] where the downloaded apk got opened immediately the download finished. There are many people out there who have to choose to allow installation of apps from untrusted sources so this seems to me a very serious security risk.
I think there's a nice security/privacy/transparency connection to tracking protection and safe browsing.

gcp: has this kind of feature ever been considered as part of safe browsing?
Flags: needinfo?(gpascutto)
Maybe something to take up with Google's team and see if we'd want to consider these "Unwanted Software".
Flags: needinfo?(gpascutto) → needinfo?(francois)
Yes, it does seem like something that should be in scope for unwanted software if it's not already.

What's the exact mechanism they use to trigger these automatic downloads? Do we have an example of a site that does it?
Flags: needinfo?(francois)
(In reply to François Marier [:francois] from comment #14)
> Yes, it does seem like something that should be in scope for unwanted
> software if it's not already.
> 
> What's the exact mechanism they use to trigger these automatic downloads? Do
> we have an example of a site that does it?

They simply put a "window.location.href = <download_link>" in the js file. For instance, visit http://www.zybang.com/question/1ef2ec484ecb2a6acfd8b411e111e37b.html with keyword "Android" in your useragent(to trigger the download of apk). Its an online question-and-answer site where every question page forces a "drive-by" download if an Android device is detected.

It's not really unwanted software because the app does not do anything annoying itself. What's really annoying is their way of promoting their app. They really shouldn't force every visitor to download their product.

So I suppose the user have the right to make a choice: download if I am interested in the app or cancel if not.
(In reply to dbw9580 from comment #15)

> It's not really unwanted software because the app does not do anything
> annoying itself.

https://www.google.com/about/company/unwanted-software-policy.html
* Download of the software should only begin when the user has consented to the download by clicking on a clearly-labelled download button. 

That said AFAIK there isn't even a way to report things not in the list to Google. So even if we'd block this via SafeBrowsing I'm not sure that's the solution we want to rely on.
Priority: -- → P2
does anyone have any thought as to what the threshold should be for a large download?

Or do we want to ask on every download?
Here's the patch from the China team. It adds the dialog for every download (which I'm not sure is right).

Adding yet another pref to enable/disable this dialog seems like overkill.

I think we should pick a threshhold, and check it via aLauncher.contentLength and only show the dialog in that case.
Attachment #8863375 - Flags: feedback?(s.kaspari)
What do we do when the content length is unknown or the server is slow to reply?
> What do we do when the content length is unknown or the server is slow to reply?

Yeah, I was wondering that too. I personally think we show the dialog. Err on the side of making sure they want the download.

I've looked at other browsers and no one really does this stuff consistently. Some have really nice UIs where they confirm every download and even allow you to change the name. Others do nothing.

So there's no lead to follow here, we can just do what we think is best for the user.
Comment on attachment 8863375 [details] [diff] [review]
Patch from China Team

Review of attachment 8863375 [details] [diff] [review]:
-----------------------------------------------------------------

Technically this is okay. But yeah, let's involve UX/Product.

::: mobile/android/components/HelperAppDialog.js
@@ +140,5 @@
> +    let bundle = Services.strings.createBundle("chrome://browser/locale/browser.properties");
> +    let url = aLauncher.source.specIgnoringRef.split("/");
> +    new Prompt({
> +      title: bundle.GetStringFromName("helperapps.saveToDisk"),
> +      message: bundle.formatStringFromName("helperapps.downloadPermission", [decodeURIComponent(url[url.length - 1])], 1),

The last path segment and the actual filename do not necessarily need to match. So this could be misleading, maybe even used to trick the user into downloading (and then opening) something else? But then again we currently just download everything.
Attachment #8863375 - Flags: feedback?(s.kaspari) → feedback+
> Technically this is okay. But yeah, let's involve UX/Product.

What's the best way to do that?
I guess pinging Anthony.
Flags: needinfo?(alam)
Looks like this isn't a P1 right now so I'm going to NI Product to prioritize this.
Flags: needinfo?(alam) → needinfo?(jcheng)
The patch is already done. It's just a question of UI review.
Can't believe downloading prompt exists in desktop Firefox but not in mobile version. The mobile browser is more prone to receive unintended clicks, and data connection costs money! Please add this feature ASAP.

Since there's "show images" setting under "data saver" section, I think it's not hard to add a "download apk" setting too. Further, add a "download large file over 1MB" is great.
It got me mad! Every time I open http://gu.sina.cn/fx/hq/quotes.php?code=usdcny&from=wap it triggers 2 download of an apk file, and now there's bunch of x.apk, x(1).apk, x(2).apk files in the download! Is this another bug? Firfox should know that file has been downloaded and do not waste data cost again and again!
(In reply to Mike Kaply [:mkaply] from comment #20)
> Created attachment 8863375 [details] [diff] [review]
> Patch from China Team
> 
> Here's the patch from the China team. It adds the dialog for every download
> (which I'm not sure is right).
> 
> Adding yet another pref to enable/disable this dialog seems like overkill.
> 
> I think we should pick a threshhold, and check it via
> aLauncher.contentLength and only show the dialog in that case.

There is no threshod for an unwanted file.
why not show the file size and file name to user and let the user choose?
We have a patch, we just need UX here. Can we get someone to take a look?

Joe?
Tired to wait for the patch.
I wrote an addon to implement this feature:

https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/
(In reply to StrongOp from comment #33)
> Tired to wait for the patch.
> I wrote an addon to implement this feature:
> 
> https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/

You are awesome! It's the add-ons that make Mozilla great!
(In reply to StrongOp from comment #33)
> Tired to wait for the patch.
> I wrote an addon to implement this feature:
> 
> https://addons.mozilla.org/en-US/firefox/addon/ask-before-download/

This is awesome!  Thanks so much for doing this, I will try to direct folks to this ticket and to your extension.  Many thanks!
Re-triaging per https://bugzilla.mozilla.org/show_bug.cgi?id=1473195

Needinfo :susheel if you think this bug should be re-triaged.
Priority: P2 → P5
We have completed our launch of our new Firefox on Android. The development of the new versions use GitHub for issue tracking. If the bug report still reproduces in a current version of [Firefox on Android nightly](https://play.google.com/store/apps/details?id=org.mozilla.fenix) an issue can be reported at the [Fenix GitHub project](https://github.com/mozilla-mobile/fenix/). If you want to discuss your report please use [Mozilla's chat](https://wiki.mozilla.org/Matrix#Connect_to_Matrix) server https://chat.mozilla.org and join the [#fenix](https://chat.mozilla.org/#/room/#fenix:mozilla.org) channel.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: