WebAPI/Security/Vibration

From MozillaWiki
Jump to: navigation, search

Vibration

Brief purpose of API: Let content activate the vibration motor. General use cases: Vibrate when hit in a game etc.

Reference: http://dev.w3.org/2009/dap/vibration/

Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#

Inherent threats: Obnoxious if abused, consume extra battery.

Threat severity: low

Notes:

  • User can deny from Permission Manager to override an abusive app.
  • Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content As per general use case. Implicit Limit how long vibrations can run. Only foreground content can trigger vibration.
Installed Web Apps As per general use case. Implicit Limit how long vibrations can run. Only foreground content can trigger vibration.
Privileged Web Apps As per general use case. Implicit Limit how long vibrations can run. Only foreground content can trigger vibration.
Certified Web Apps As per general use case. Implicit Limit how long vibrations can run. Only foreground content can trigger vibration.
Retrieved from "https://wiki.mozilla.org/index.php?title=WebAPI/Security/Vibration&oldid=1021351"