W3C home > Mailing lists > Public > public-device-apis-log@w3.org > May 2017

Re: [sensors] Avoid PIN skimming attacks

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 May 2017 08:48:09 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-299128928-1493887688-sysbot+gh@w3.org>
@pozdnyakov so (2) and (3) will already be fixed by virtue of stopping when focus is lost. (1) we don't have to solve.

So the only one that could really help with is (4). In which there are actually two sub cases: (a) which is when the user is doing something in the app but outside of the browsing context (i.e. browser extension or own controls such as bookmarking, password manager, etc.), and (b) another application altogether.

For (4a) I assume you have control over this and that the browsing context looses focus when this happens.

For (4b) I assume platform APIs don't warn you when the virtual keyboard is pulled in a different application. Correct?



-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at https://github.com/w3c/sensors/issues/189#issuecomment-299128928 using your GitHub account
Received on Thursday, 4 May 2017 08:48:16 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 12:18:53 UTC