Security/Reviews/Mobile/AndroidSystemStorage
From MozillaWiki
- Items to be reviewed
- System Storage for Android. See also: Privacy/Reviews/AndroidSystemStorage
Introduce Feature
Formerly used the places db on mobile; moving to the system databases on Android. The URL bar should talk directly to the database instead of through the gecko (?) services that were in-betweens for data storage.
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
Want to use something outside of gecko to access data when gecko is not up and running. It doesn't have the exact same awesomebar behavior, but it's similar (for frecency).
What solutions/approaches were considered other than the proposed solution?
Using the existing database backend in gecko... that was what we automatically started with.
Why was this solution chosen?
- Simplify the code (this approach is simpler)
On Android, there's a system-level store for bookmarks/passwords/history
- This feature is a move to that
- merges system browser bookmarks etc. with ours
- aids in transition from default to third party (our) browser
- your bookmarks, etc don't go away when you uninstall Firefox or switch browsers
- Form data will stay in gecko
- Password store may stay in gecko - needs to work with sync
Any security threats already considered in the design and why?
- Could be synced via Google's sync given that Google sync accesses these databases
- Will be addressed in the privacy review
Threat Brainstorming
- Rewriting a bunch of front-end code, and we've seen security issues in that so perhaps there will be some in this as well?
- sqlite injections ?
- awesome bar issues - example: pasting javascript urls - fixed in desktop
- Storage of passwords encrypted?
- Something tied to the sim card -- if sim changes, the OS wipes private data
- What about evil apps that suck down passwords from the system db?
- How and where passwords are kept will be discussed in the privacy review.
- Password manager auto-fill stuff
- same as it used to be (there have been issues with tricking autocomplete into thinking it has the wrong domain in the past)
- Form auto-fill stuff
- Same as it used to be. Keeping form data inside gecko.
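An added example (not from the original notes or Mozilla's code) for the "sqlite injections" item above: a URL-bar style history lookup built by string concatenation, beside one that binds the typed text and escapes LIKE wildcards. The table layout, function names and sample rows are assumptions constructed for illustration, and Python's sqlite3 module stands in for the Android database API.

```python
import sqlite3


def make_db():
    # Constructed sample data; this layout is an assumption, not Android's schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE history (url TEXT, title TEXT, visits INTEGER)")
    db.executemany("INSERT INTO history VALUES (?, ?, ?)", [
        ("https://example.org/", "Example", 12),
        ("https://example.org/100%_off", "Sale", 3),
        ("https://wiki.example.net/", "Wiki", 7),
    ])
    return db


def search_unsafe(db, typed):
    # Weak form: the typed text becomes part of the SQL statement itself,
    # so a quote or a wildcard in it changes what the query means.
    sql = ("SELECT url, title FROM history WHERE url LIKE '%" + typed +
           "%' ORDER BY visits DESC")
    return db.execute(sql).fetchall()


def search_safe(db, typed):
    # Hardened form: escape LIKE metacharacters so the typed text matches
    # literally, then pass it as a bound parameter, never as SQL text.
    pattern = (typed.replace("\\", "\\\\")
                    .replace("%", "\\%")
                    .replace("_", "\\_"))
    sql = ("SELECT url, title FROM history WHERE url LIKE ? ESCAPE '\\' "
           "ORDER BY visits DESC")
    return db.execute(sql, ("%" + pattern + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for typed in ["example", "100%_off", "%", "zzz' OR 1=1 --"]:
        print(repr(typed), "->", search_safe(db, typed))
```

With the bound form, a typed quote or `%` is only ever data: it either matches a stored URL literally or returns nothing.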
Conclusions / Action Items (10-20 minutes)
- dougt
  - verify whether passwords will be stored in the system DB. (If so, how will they be protected?) Let Sid know when you find out.
- imelven
  - look over the code (sec review)
- sid
  - push discussion of where/why into privacy review