W3C home > Mailing lists > Public > public-device-apis@w3.org > June 2016

Re: [sensors] Malicious use of the phone's Gyroscope

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Tue, 07 Jun 2016 22:16:47 +0000
To: public-device-apis@w3.org
Message-ID: <issue_comment.created-224431620-1465337806-sysbot+gh@w3.org>
Hi. Thanks for your report.

> To mitigate this attack, we think it's a good idea to limit access 
to the orientation API. One way to achieve this is to ask the user's 
permission before enabling this API. Another way is to limit access to
 web pages delivered from insecure origins, as Chrome does for the 
Location API [2].

Yes. Both are planned and spec'ed already (see [secure 
context](https://w3c.github.io/sensors/#secure-context) and 
[permissioning](https://w3c.github.io/sensors/#permissioning)).

Does the above alleviate your concerns?

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/112#issuecomment-224431620 using
 your GitHub account
Received on Tuesday, 7 June 2016 22:16:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC