WebAPI/Security/Geolocation
From MozillaWiki
Geolocation API
Brief purpose of API: Obtain current location of user
General Use Cases: Mapping applications, GPS navigation, geotagging
References:
- https://developer.mozilla.org/En/Using_geolocation
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/EsZL5Ct58bU/discussion
Inherent threats:
- Leakage of user's current location to app
- Leakage of user's current location to 3rd party geolocation service
- Profiling of user behavior
Threat severity: Moderate
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general case | Explicit (default to not remember) | UI indicator for active geolocation with a path for user to revoke access to API |
| Installed Web Apps | As per general case | Explicit (default to not remember) | As above. |
| Privileged Web Apps | As per general case | Explicit (default to remember) | As above. |
| Certified Web Apps | As per general case | Implicit | As above |
