WebAPI/Security/Geolocation

From MozillaWiki
Jump to: navigation, search

Geolocation API

Brief purpose of API: Obtain current location of user

General Use Cases: Mapping applications, GPS navigation, geotagging

References:

Inherent threats:

  • Leakage of user's current location to app
  • Leakage of user's current location to 3rd party geolocation service
  • Profiling of user behavior

Threat severity: Moderate

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content As per general case Explicit (default to not remember) UI indicator for active geolocation with a path for user to revoke access to API
Installed Web Apps As per general case Explicit (default to not remember) As above.
Privileged Web Apps As per general case Explicit (default to remember) As above.
Certified Web Apps As per general case Implicit As above