Closed
Bug 951264
Opened 11 years ago
Closed 11 years ago
COPPA support for Firefox Accounts on Android
Categories
(Firefox for Android Graveyard :: Android Sync, defect)
Firefox for Android Graveyard
Android Sync
Tracking
(firefox29 verified)
VERIFIED
FIXED
Firefox 29
Tracking | Status | |
---|---|---|
firefox29 | --- | verified |
People
(Reporter: nalexander, Assigned: nalexander)
References
Details
(Whiteboard: [qa+])
Attachments
(1 file)
We have a strong requirement to make sure that Firefox Accounts created on Android devices follow the COPPA legal framework.
We have discussed asking for age verification at sign up time and at account verification time. Current thinking is that we will age verify at sign up time because we want to keep the invariant
"existance of FxA === passed COPPA"
Updated•11 years ago
|
Whiteboard: [qa+]
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → nalexander
Status: NEW → ASSIGNED
Assignee | ||
Comment 1•11 years ago
|
||
Attachment #8362044 -
Flags: review?(rnewman)
Updated•11 years ago
|
Flags: needinfo?(rfeeley)
Assignee | ||
Comment 3•11 years ago
|
||
Whiteboard: [qa+] → [qa+][fixed in services]
Assignee | ||
Comment 4•11 years ago
|
||
Comment on attachment 8362044 [details] [review]
github PR
Reviewed on github.
Attachment #8362044 -
Flags: review?(rnewman) → review+
Comment 5•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [qa+][fixed in services] → [qa+]
Target Milestone: --- → Firefox 29
Assignee | ||
Comment 6•11 years ago
|
||
QA:
If a user tries to create an account and is too young (defined as 13 or younger, i.e., born 2001 or younger), this implements a 15 minute lockout period. Attempts to create an account during that period should hard redirect to a "no can do" screen. The lockout is stored in process memory; killing the process, or uninstalling the Android package, etc, will forget the lockout.
There is extensive debug log output about the age check that will be killed before the Aurora merge (Bug 962126) but that will be helpful when testing.
Doesn't a 15 min lockout seem a bit heavy handed? What if I accidentally tapped the wrong year. If I get 'locked' out, I should at least be informed of the timeout, and provided a way to resolve this myself. I don't want users to just give up on using FxA.
Bottom line is we should minimize support emails and user frustration.
Assignee | ||
Comment 8•11 years ago
|
||
(In reply to ewong from comment #7)
> Doesn't a 15 min lockout seem a bit heavy handed? What if I accidentally
> tapped the wrong year. If I get 'locked' out, I should at least be informed
> of the timeout, and provided a way to resolve this myself. I don't want
> users to just give up on using FxA.
>
> Bottom line is we should minimize support emails and user frustration.
Decision came to me via rfeeley, who got it from legal. I assume we'll sign off before Aurora merge, which gives us an opportunity to revisit. I don't care what we do but changing it (in a way other than adjusting the lockout length) is work.
Updated•11 years ago
|
Comment 9•11 years ago
|
||
(Fuel to fire, this wireframe has it at 10 http://is.gd/Sync_FxA_Latest_Android_UX_PDF)
Comment 10•11 years ago
|
||
QA Test-Note:
* Signed up with a birth year of 2005
* Tapped create and hit the age limit check
* Backed out and attempted to access Firefox Accounts in Android settings again; hit the age limit check
* After 15 minutes; I was able to access Firefox Accounts in Android settings once again
* Verified that the Learn More link opened an FTC COPPA blurb
I/FxAccounts( 6120): fennec :: FxAccountAgeLockoutHelper :: $$FxA PII$$: Checking if locked out: it's been 916312ms since last lockout, so no.
I/ActivityManager( 704): Displayed org.mozilla.fennec/org.mozilla.gecko.fxa.activities.FxAccountGetStartedActivity: +88ms
Works for me.
@TeoVemesan mentioned in #androidsync of the inevitable circumvention with clearing all data/cache from org.mozilla.fennec to circumvent the timer.
Updated•11 years ago
|
Status: RESOLVED → VERIFIED
status-firefox29:
--- → verified
Comment 11•11 years ago
|
||
That last line is really important, but I am not even sure how/where we would document document this...
Updated•11 years ago
|
Flags: needinfo?(rfeeley)
Updated•11 years ago
|
Flags: needinfo?(jmenon)
Updated•7 years ago
|
Product: Android Background Services → Firefox for Android
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•