Closed
Bug 751944
Opened 13 years ago
Closed 13 years ago
Questionable Google Play permissions clarification (Native)
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(blocking-fennec1.0 beta+)
VERIFIED
FIXED
Firefox 14
Tracking | Status | |
---|---|---|
blocking-fennec1.0 | --- | beta+ |
People
(Reporter: aaronmt, Assigned: mbrubeck)
References
Details
(Whiteboard: [not code][sumo])
Just looking for clarification on these permission differences between Native (test on Google Play, see Aki's 'l10n test') and XUL.
= Your Accounts =
* USE THE AUTHENTICATION CREDENTIALS OF AN ACCOUNT
Allows the app to request authentication tokens.
* ACT AS AN ACCOUNT AUTHENTICATOR
Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords.
* MANAGE THE ACCOUNTS LIST
Allows the app to perform operations like adding and removing accounts, and deleting their password.
= System Tools =
* WRITE SYNC SETTINGS
Allows the app to modify the sync settings, such as whether sync is enabled for the People app.
* MODIFY GLOBAL SYSTEM SETTINGS
Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration.
= Network Communication =
* DOWNLOAD FILES WITHOUT NOTIFICATION
Allows the app to download files through the download manager without any notification being shown to the user.
= System Tools =
* READ SYNC STATISTICS
Allows the app to read the sync stats; e.g., the history of syncs that have occurred.
* READ SYNC SETTINGS
Allows the app to read the sync settings, such as whether sync is enabled for the People app.
---
Most of these are Sync, with the exception of 'DOWNLOAD FILES WITHOUT NOTIFICATION' (Mark?)
Just looking for clarification and sign-off on these as users might see the difference between XUL and Google Play makes some of these sound 'scary'.
http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/AndroidManifest.xml.in
http://mxr.mozilla.org/mozilla-central/source/mobile/android/sync/manifests/SyncAndroidManifest_permissions.xml.in
Reporter
Comment 1•13 years ago
See also bug 751930 for request for removal of: WRITE BROWSER'S HISTORY AND BOOKMARKS, and READ BROWSER'S HISTORY AND BOOKMARKS
Assignee
Comment 2•13 years ago
I've already submitted explanations for some of these as revisions to the SUMO article:
https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests/revision/23773
I'll write up the rest of them now; thanks for the full list.
Assignee: nobody → mbrubeck
Blocks: 672352
Assignee
Comment 3•13 years ago
> * MODIFY GLOBAL SYSTEM SETTINGS
This is android.permission.WRITE_SETTINGS, and I'm not sure what we use it for. It comes from the Sync manifest. Richard?
> * DOWNLOAD FILES WITHOUT NOTIFICATION
> * READ SYNC STATISTICS
> * READ SYNC SETTINGS
These permissions are hidden by default in the Android UI. The SUMO article doesn't currently have explanations for these secondary, hidden permissions. I'm not sure if we should add them. (Adding all of the hidden permissions would make the list in the article much longer, and might make things seem more scary rather than less.)
Comment 4•13 years ago
I would be OK with not documenting the hidden permissions as long as we had a good understanding of what the permission is used for. Michelle would have final say.
* DOWNLOAD FILES WITHOUT NOTIFICATION
Do we use this to insert files into the ICS download app?
Assignee
Comment 5•13 years ago
(In reply to Kevin Brosnan [:kbrosnan] from comment #4)
> * DOWNLOAD FILES WITHOUT NOTIFICATION
>
> Do we use this to insert files into the ICS download app?
Yes, that's correct.
Comment 6•13 years ago
(In reply to Matt Brubeck (:mbrubeck) from comment #3)
> This is android.permission.WRITE_SETTINGS, and I'm not sure what we use it
> for. It comes from the Sync manifest. Richard?
This is necessary for us to enable or disable syncing for an account... perhaps only on some versions of Android.
(Also might be implicitly used by other parts of Fennec: this is the permission that controls screen lock, screen brightness, etc. etc.)
We had a helluva time last year: we'd find that *some* calls on *some* devices (I'm looking at you, Motorola) would fail without some arbitrary permission.
We might be able to pare this list down, but it would need quite a bit of QA to ensure safety.
Comment 7•13 years ago
I don't think that is required, Richard. Fiddling with permissions sounds really risky. The main point of this bug was to make sure we are not shipping any unused permissions. See bug 751930.
Assignee
Comment 8•13 years ago
More updates submitted and awaiting review:
https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests/revision/23818
Status: NEW → ASSIGNED
Assignee
Updated•13 years ago
Whiteboard: [not code][sumo]
Assignee
Comment 9•13 years ago
SUMO article updated:
https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests#os=android&browser=m14
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 14
Updated•13 years ago
blocking-fennec1.0: ? → beta+
Updated•4 years ago
Product: Firefox for Android → Firefox for Android Graveyard
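The review done by hand in this bug, comparing the permissions one build requests against another and recording what each new one is for, can be scripted as a release check. The Python below is an added example, not Mozilla's code or tooling: the two manifests are constructed samples (not the real XUL or Native manifests), the function names are hypothetical, and it assumes a fully generated AndroidManifest.xml rather than the preprocessed .xml.in templates. The recorded purposes are the ones given in comments 4 to 6.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed manifests for illustration; NOT the real XUL or Native manifests.
XUL_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
</manifest>"""
NATIVE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"/>
  <uses-permission android:name="android.permission.READ_SYNC_STATS"/>
  <uses-permission/>
</manifest>"""

# Recorded purpose per permission, taken from comments 4 to 6 of this bug.
EXPLANATIONS = {
    "android.permission.WRITE_SETTINGS": "enable or disable syncing for an account",
    "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION": "insert files into the ICS download app",
}


def declared_permissions(manifest_xml):
    """Set of android:name values on <uses-permission>; nameless entries are skipped."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}


def permission_diff(old_xml, new_xml):
    """Permissions added and removed going from the old manifest to the new one."""
    old, new = declared_permissions(old_xml), declared_permissions(new_xml)
    return {"added": sorted(new - old), "removed": sorted(old - new)}


def unexplained(diff, explanations):
    """Newly requested permissions that have no recorded purpose yet."""
    return [p for p in diff["added"] if not explanations.get(p)]


if __name__ == "__main__":
    diff = permission_diff(XUL_MANIFEST, NATIVE_MANIFEST)
    for perm in diff["added"]:
        print("+", perm, "->", EXPLANATIONS.get(perm, "NO EXPLANATION"))
    for perm in diff["removed"]:
        print("-", perm)
    # Non-zero exit lets a build step block until every new permission is explained.
    raise SystemExit(1 if unexplained(diff, EXPLANATIONS) else 0)
```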