Closed Bug 751944 Opened 13 years ago Closed 13 years ago

Questionable Google Play permissions clarification (Native)

Categories

(Firefox for Android Graveyard :: General, defect)

ARM
Android
defect
Not set
normal

Tracking

(blocking-fennec1.0 beta+)

VERIFIED FIXED
Firefox 14
Tracking Status
blocking-fennec1.0 --- beta+

People

(Reporter: aaronmt, Assigned: mbrubeck)

References

Details

(Whiteboard: [not code][sumo])

Just looking for clarification on these permission differences between Native (test on Google Play, see Aki's 'l10n test') and XUL. = Your Accounts = * USE THE AUTHENTICATION CREDENTIALS OF AN ACCOUNT Allows the app to request authentication tokens. * ACT AS AN ACCOUNT AUTHENTICATOR Allows the app to use the account authenticator capabilities of the AccountManager, including creating accounts and getting and setting their passwords. * MANAGE THE ACCOUNTS LIST Allows the app to perform operations like adding and removing accounts, and deleting their password. = System Tools = * WRITE SYNC SETTINGS Allows the app to modify the sync settings, such as whether sync is enabled for the People app. * MODIFY GLOBAL SYSTEM SETTINGS Allows the app to modify the system's settings data. Malicious apps may corrupt your system's configuration. = Network Communication = * DOWNLOAD FILES WITHOUT NOTIFICATION Allows the app to download files through the download manager without any notification being shown to the user. = System Tools = * READ SYNC STATISTICS Allows the app to read the sync stats; e.g., the history of syncs that have occurred. READ SYNC SETTINGS * READ SYNC SETTINGS Allows the app to read the sync settings, such as whether sync is enabled for the People app. --- Most of these are Sync, with the exception of 'DOWNLOAD FILES WITHOUT NOTIFICATION' (Mark?) Just looking for clarification and sign-off on these as users might see the difference between XUL and Google Play makes some of these sound 'scary'. http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/AndroidManifest.xml.in http://mxr.mozilla.org/mozilla-central/source/mobile/android/sync/manifests/SyncAndroidManifest_permissions.xml.in
See also bug 751930 for request for removal of: WRITE BROWSER'S HISTORY AND BOOKMARKS, and READ BROWSER'S HISTORY AND BOOKMARKS
I've already submitted explanations for some of these as revisions to the SUMO article: https://support.mozilla.org/en-US/kb/how-firefox-android-use-permissions-it-requests/revision/23773 I'll write up the rest of them now; thanks for the full list.
Assignee: nobody → mbrubeck
Blocks: 672352
> * MODIFY GLOBAL SYSTEM SETTINGS This is android.permission.WRITE_SETTINGS, and I'm not sure what we use it for. It comes from the Sync manifest. Richard? > * DOWNLOAD FILES WITHOUT NOTIFICATION > * READ SYNC STATISTICS > * READ SYNC SETTINGS These permissions are hidden by default in the Android UI. The SUMO article doesn't currently have explanations for these secondary, hidden permissions. I'm not sure if we should add them. (Adding all of the hidden permissions would make the list in the article much longer, and might make things seem more scary rather than less.)
I would be OK with not documenting the hidden permissions as long as we had a good understanding of what the permission is used for. Michelle would have final say. * DOWNLOAD FILES WITHOUT NOTIFICATION Do we use this to insert files into the ICS download app?
(In reply to Kevin Brosnan [:kbrosnan] from comment #4) > * DOWNLOAD FILES WITHOUT NOTIFICATION > > Do we use this to insert files into the ICS download app? Yes, that's correct.
(In reply to Matt Brubeck (:mbrubeck) from comment #3) > This is android.permission.WRITE_SETTINGS, and I'm not sure what we use it > for. It comes from the Sync manifest. Richard? This is necessary for us to enable or disable syncing for an account... perhaps only on some versions of Android. (Also might be implicitly used by other parts of Fennec: this is the permission that controls screen lock, screen brightness, etc. etc.) We had a helluva time last year: we'd find that *some* calls on *some* devices (I'm looking at you, Motorola) would fail without some arbitrary permission. We might be able to pare this list down, but it would need quite a bit of QA to ensure safety.
I don't think that is required Richard. Fiddling with permissions sounds really risky. The main point of this bug was to make sure there we are not shipping any unused permissions. see bug 751930
Status: NEW → ASSIGNED
Whiteboard: [not code][sumo]
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 14
blocking-fennec1.0: ? → beta+
Closing bug as verified fixed per comment #9.
Status: RESOLVED → VERIFIED
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.