- From: Ovidio Ruiz-Henríquez via GitHub <sysbot+gh@w3.org>
- Date: Mon, 01 Jun 2020 22:12:02 +0000
- To: public-web-bluetooth-log@w3.org
odejesush has just created a new issue for https://github.com/WebBluetoothCG/web-bluetooth: == AdvertisingEvent objects may contain service UUIDs that the site has not explicitly requested permission for. == Currently, `AdvertisingEvent`s that are fired for `BluetoothDevice`s for which advertisements are being watched may contain service UUIDs that the current site does not have permission to use. This is a privacy risk given that the site is only aware of the services that it explicitly requested for, but it may receive service UUIDs in the `AdvertisingEvent` that is was not aware of. The `AdvertisingEvent` should filter out services that the site did not explicitly request access for. An example case for when this might happen is the following: 1. A site requests a `device` for service A. 2. The site calls `device.watchAdvertisements()`. 3. The device sends an advertisement packet with services A and B listed. 4. A `AdvertisingEvent` is fired on `device` containing service A and B in the `uuids` property. Please view or discuss this issue at https://github.com/WebBluetoothCG/web-bluetooth/issues/499 using your GitHub account
Received on Monday, 1 June 2020 22:12:04 UTC