Re: Firefox OS Permissions from Paul Theriault on 2014-02-24 (public-web-mobile@w3.org from February 2014)

From: Paul Theriault <ptheriault@mozilla.com>
Date: Mon, 24 Feb 2014 12:34:38 +1100
To: Natasha Rooney <nrooney@gsma.com>
Cc: W3C Webmob Public <public-web-mobile@w3.org>
Message-Id: <513EFCD5-28EA-49E0-9E6B-0514F8DA72FC@mozilla.com>

Hey Natasha, 

On 24 Feb 2014, at 5:16 am, Natasha Rooney <nrooney@gsma.com> wrote:

> Hey guys!
> 
> I was lucky enough to go along to the FirefoxOS event at mobile world congress tonight. I checked out some of the new devices and the apps running on them. One of the most interesting things was how the OS manages permissions. Inside of ‘settings’ the user can see a list of every app. When the app is selected the user can see the app author (this satisfies some regional legal requirements) and a list of each permission the app is using. The user can then select ‘ask’, ‘deny’ or ‘grant’ for each permission. Below are links to tweets with pictures. I liked the solution a lot, and would love to know what you guys think!

Note that the goal of the initial permission model was to allow users control over privacy-related permissions, whilst not bombarding users with prompts, or asking them permission questions that they couldn’t reasonably understand. As such, all permissions must be declared in the application’s manifest, but how we actually grant permission differs depending on this criteria of privacy & user understanding:
- Permissions the user can reasonably make a decision about (sharing location, photos, contacts etc) are granted as “prompt” during installation, meaning that prior to the first use of the API, the user will be prompted to allow access. These permission decisions can be reviewed and modified later in the settings app (which you show below). 
- For all other permissions, access is granted as a result of marketplace security review, and not shown to the user. Initially it was planned to show all permissions in the settings app (what you have a screenshot of below) however after much debate, for version one we decided not to expose these permissions. This was for a number of reasons but mainly to avoid confusion for regular users. Power users can however use the App Manager (built-in to Firefox) to see all permissions of apps installed on their phone.

Unfortunately I am not at MWC, but there are security & privacy at our booth who would like to talk with you. Best bet is probably just to drop in, but I can put you in touch with individuals in this area if you would like.

Regards,
Paul 

Paul Theriault
Security Manager, Firefox OS

> 
> https://twitter.com/thisNatasha/status/437618486047965184
> https://twitter.com/thisNatasha/status/437617298678235136
> 
> Natasha
> 
> Natasha Rooney | Web Technologist | GSMA | nrooney@gsma.com | +44 (0) 7730 219 765 | @thisNatasha | Skype: nrooney@gsm.org 
> 7th Floor, 5 New Street Square, London EC4A 3BF
> 
> This email and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this email or call +44 207 356 0600 and highlight the error.
>

Received on Monday, 24 February 2014 01:35:11 UTC