Security and Privacy self-review #27

Open
xfq opened this issue May 11, 2022 · 2 comments

xfq commented May 11, 2022

We need to answer the W3C Security and Privacy Questionnaire.

xfq commented May 11, 2022

QingAn commented Jun 7, 2022

Self-Review Questionnaire: Security and Privacy

01. What information might this feature expose to Web sites or other parties, and for what purposes is that exposure necessary?

This specification enables the user agent to manage the lifecycle events of both the global application lifecycle and the page lifecycle. The MiniApp lifecycle includes a set of events, with which a MiniApp can choose to alter its behavior based on its state. The global application lifecycle logic is contained in app.js, and the page lifecycle logic is contained in page.js, and both of them are available in a MiniApp package. For this reason, the events, states and behaviors related to MiniApp Lifecycle management are publicly exposed.

MiniApp Lifecycle events and states do not include information about users or their preferences. However, during the execution phase, MiniApp user agents may register and store any data, including the user’s environment (e.g., operating system configuration, MiniApp user agent configuration, hardware capabilities), and the user’s interests (e.g., personal characteristics).

02. Do features in your specification expose the minimum amount of information necessary to enable their intended uses?

The information required by MiniApp Lifecycle enables MiniApp user agents to run the MiniApp and provide improved user experiences to the end-users. The information exposed by the specification is based on the requirements extracted from the existing use cases and scenarios.

03. How do the features in your specification deal with personal information, personally-identifiable information (PII), or information derived from them?

No personal information is required. All the information declared in a MiniApp Lifecycle refers to the lifecycle states, events and behaviors. It does not contain personal information or user preferences that could help identify or track users. However, the inputQuery and pageInputQuery may be used to contain privacy-sensitive information (e.g. user personal data). If so, the privacy-sensitive information shall not be in cleartext.

04. How do the features in your specification deal with sensitive information?

No sensitive information is required in the MiniApp Lifecycle.

05. Do the features in your specification introduce new state for an origin that persists across browsing sessions?

MiniApp user agents shall manage the user's interests, specifically the explicit permissions to use sensitive system features (e.g., geolocation and device sensors) and the look-and-feel options. They shall avoid publication of this data, offering the possibility to store and remember the user's preferences across sessions.

Even though it is not recommended, MiniApp user agents may register and store users' interest information via inputQuery across multiple MiniApp pages. If the information is stored, the stored data should be cleared when users intend to clear it.

06. Do the features in your specification expose information about the underlying platform to origins?

No.

07. Does this specification allow an origin to send data to the underlying platform?

No.

08. Do features in this specification enable access to device sensors?

No.

09. Do features in this specification enable new script execution/loading mechanisms?

No.

10. Do features in this specification allow an origin to access other devices?

No.

11. Do features in this specification allow an origin some measure of control over a user agent's native UI?

This specification allows the MiniApp user agent to run a MiniApp in the foreground on the native UI or in the background, and to run a MiniApp page in the foreground on the native UI or in the background.

But these transitions are triggered only by user input. For example, when the user chooses to close the MiniApp by clicking its close button, or goes to the mobile phone's home screen, the MiniApp will not be destroyed immediately but will switch to running in the background. When the user reopens the same MiniApp, it will switch from running in the background to running in the foreground. If the user leaves the current MiniApp page (e.g., by navigating to another MiniApp page), the MiniApp page switches to running in the background. If the MiniApp page is reopened, it switches to running in the foreground.

However, it does not allow control over the user agent's UI or changes to the underlying system.

12. What temporary identifiers do the features in this specification create or expose to the web?

The MiniApp Global Application Lifecycle interface Global introduces inputObject, which involves the processing of the input query for the MiniApp and the source info. The MiniApp Page Lifecycle interface Page introduces pageInputObject, which involves the processing of the input query for the MiniApp page. Developers may insert temporary identifiers through them. In order to protect users from any potential unsanctioned tracking threat, it is not recommended to store these values locally. If these values are stored, the stored data should be cleared when users intend to clear it.

13. How does this specification distinguish between behavior in first-party and third-party contexts?

The security policy for fetching external resources described in the manifest is still to be defined. Under discussion in issue #42.

14. How do the features in this specification work in the context of a browser's Private Browsing or Incognito mode?

N/A.

15. Does this specification have both "Security Considerations" and "Privacy Considerations" sections?

Yes (Privacy and Security sections).

16. Do features in your specification enable origins to downgrade default security protections?

No.

17. How does your feature handle non-"fully active" documents?

When the user chooses to close the MiniApp by clicking its close button, or goes to the mobile phone's home screen, the MiniApp will not be destroyed immediately but will switch to running in the background. When the user reopens the same MiniApp, it will switch from running in the background to running in the foreground. Only when the MiniApp runs in the background for more than a specific time duration (e.g., 5 minutes), or occupies too many system resources in the background, will the MiniApp be destroyed.

If the user leaves the current MiniApp page (e.g., by navigating to another MiniApp page), the MiniApp page switches to running in the background. If the MiniApp page is reopened, it switches to running in the foreground. If the user closes the current MiniApp page, MiniApp page unloading is triggered.

18. What should this questionnaire have asked?

...
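As an added example that is not part of this issue or of the MiniApp Lifecycle specification, the following JavaScript models the behaviour described in answers 05, 12 and 17: identifier-like values arriving through the input query are kept in memory only, the MiniApp is destroyed after a background time limit (taking its session state with it), and a user request to clear data wipes the persistent store. The handler names (onLaunch/onShow/onHide), the query format, the list of sensitive keys and the 5-minute limit are assumptions.

```javascript
// Added example; handler names, query format, sensitive keys and TTL are assumptions.
const BACKGROUND_TTL_MS = 5 * 60 * 1000;           // assumed: destroy after 5 min in background
const SENSITIVE_KEYS = new Set(["token", "uid"]);  // assumed: identifiers passed via inputQuery

// Parse "k=v&k2=v2" and separate identifier-like values from ordinary parameters,
// so the caller can keep the former out of persistent storage and log lines.
function parseInputQuery(query) {
  const out = { public: {}, sensitive: {} };
  for (const pair of (query || "").split("&")) {
    if (!pair) continue;
    const [k, v = ""] = pair.split("=");
    const key = decodeURIComponent(k);
    (SENSITIVE_KEYS.has(key) ? out.sensitive : out.public)[key] = decodeURIComponent(v);
  }
  return out;
}

class MiniAppLifecycle {
  constructor() {
    this.persistent = {};       // survives across sessions; never receives sensitive values
    this.session = null;        // in-memory only; dropped when the MiniApp is destroyed
    this.state = "not-running";
    this.backgroundSince = null;
  }
  onLaunch(inputObject, now) {
    const q = parseInputQuery(inputObject.query);
    this.session = { sensitive: q.sensitive, launchedAt: now };
    this.persistent.lastPublicQuery = q.public;   // only non-identifying fields are persisted
    this.state = "foreground";
  }
  onShow() {
    if (this.state === "background") { this.state = "foreground"; this.backgroundSince = null; }
  }
  onHide(now) {
    if (this.state === "foreground") { this.state = "background"; this.backgroundSince = now; }
  }
  // Called periodically by the user agent: a MiniApp left in the background past
  // the limit is destroyed, and its in-memory session state goes with it.
  tick(now) {
    if (this.state === "background" && now - this.backgroundSince >= BACKGROUND_TTL_MS) this.destroy();
  }
  destroy() { this.session = null; this.state = "not-running"; this.backgroundSince = null; }
  // Honour a user request to clear data: both the persistent store and the session.
  clearUserData() { this.persistent = {}; this.destroy(); }
}
```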
