Re: [sensors] Malicious use of the phone's Gyroscope from Tobie Langel via GitHub on 2016-06-07 (public-device-apis@w3.org from June 2016)

From: Tobie Langel via GitHub <sysbot+gh@w3.org>
Date: Tue, 07 Jun 2016 22:16:47 +0000
To: public-device-apis@w3.org
Message-ID: <issue_comment.created-224431620-1465337806-sysbot+gh@w3.org>

Hi. Thanks for your report.

> To mitigate this attack, we think it's a good idea to limit access 
to the orientation API. One way to achieve this is to ask the user's 
permission before enabling this API. Another way is to limit access to
 web pages delivered from insecure origins, as Chrome does for the 
Location API [2].

Yes. Both are planned and spec'ed already (see [secure 
context](https://w3c.github.io/sensors/#secure-context) and 
[permissioning](https://w3c.github.io/sensors/#permissioning)).

Does the above alleviate your concerns?

-- 
GitHub Notification of comment by tobie
Please view or discuss this issue at 
https://github.com/w3c/sensors/issues/112#issuecomment-224431620 using
 your GitHub account

Received on Tuesday, 7 June 2016 22:16:49 UTC