
Re: Notes of June 30 teleconference

From: Chaals McCathie Nevile <chaals@yandex-team.ru>
Date: Fri, 08 Jul 2016 11:26:43 +0200
To: public-device-apis@w3.org
Message-ID: <op.yj9y6tdzs7agh9@widsith.local>
On Thu, 07 Jul 2016 16:24:41 +0200, Andrey Logvinov <alogvinov@yandex-team.ru> wrote:

> Can't a malicious app just wait for a while and if the promise has been neither
> resolved nor rejected, decide that the user has in fact denied the request? Is
> there any "normal" cause at all for the battery promise to remain in pending
> state for extended periods of time? If we are talking about a taxi app, there is
> plenty of time from the start until the price needs to be presented to the user
> to test for a probably intentional non-action on the promise.

That's true. But I think this still defeats the threat model, because you  
know nothing about the battery state.

The specific behaviour was knowing that the user's battery is very low.  
You could try to burn battery in order to achieve that, but you're  
unlikely to keep customers that way - there are multiple taxi apps around…


Charles McCathie Nevile - web standards - CTO Office, Yandex
  chaals@yandex-team.ru - - - Find more at http://yandex.com
Received on Friday, 8 July 2016 09:27:26 UTC
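
The point of this exchange as an added sketch (not part of the original message and not any browser's code): a model user agent answers `getBattery()` by granting, rejecting, or leaving the promise pending, and a page that races the promise against its own timer can tell denial from grant but never obtains a battery level. The policy names, the helpers `makeGetBattery`, `observe` and `compare`, and the 0.04 level are constructed for illustration.

```javascript
// Constructed model of a user agent's getBattery() under three policies.
// Policy and helper names are hypothetical, not taken from any specification.
function makeGetBattery(policy, level) {
  return function getBattery() {
    switch (policy) {
      case 'grant':   // user allowed access: the page sees the level
        return Promise.resolve({ level });
      case 'reject':  // explicit denial: the promise rejects
        return Promise.reject(new Error('denied'));
      case 'pending': // silent denial: the promise never settles
        return new Promise(() => {});
      default:
        throw new Error('unknown policy: ' + policy);
    }
  };
}

// Everything a page can observe: the settled promise, or its own timer firing.
function observe(getBattery, timeoutMs) {
  let timer;
  const timeout = new Promise((resolve) => {
    timer = setTimeout(
      () => resolve({ outcome: 'inferred-denied', level: null }), timeoutMs);
  });
  const answer = getBattery().then(
    (battery) => ({ outcome: 'granted', level: battery.level }),
    () => ({ outcome: 'denied', level: null })
  );
  return Promise.race([answer, timeout]).finally(() => clearTimeout(timer));
}

// Run all three policies with the same constructed "very low" level (0.04).
async function compare(timeoutMs = 20) {
  const rows = {};
  for (const policy of ['grant', 'reject', 'pending']) {
    rows[policy] = await observe(makeGetBattery(policy, 0.04), timeoutMs);
  }
  return rows;
}

// Only the 'grant' row carries a level; both denial rows carry null.
compare().then((rows) => console.table(rows));
```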
