Threatpost reports
Firefox OS … includes many of the security and privacy features that Mozilla has built into the Firefox browser over the years, namely support for Do Not Track.
One of the features of Firefox OS is an app permission function that enables users to decide what behaviors they want to allow for a given app. So a user will get a prompt when an app is attempting to perform a certain kind of action and then decide whether to allow it.
"The security model of Firefox OS is based on contextual prompts. So for APIs that are understandable and human meaningful like geolocation, using the camera or recording audio the OS will prompt the user. You can save & remember these choices and later revisit them in the Settings app under 'App Permissions'. You may set them to Allow, Prompt, or Deny," said Frederik Braun, a Mozilla security engineer.
[...]
"Starting with Firefox [OS] 2.1, you may activate the developer settings and tick the checkbox near 'Verbose App Permissions'. The typical list in the Settings app will then show you all the permissions an app has and allows you to set them to Allow, Prompt or Deny. This feature, however, only targets the Privileged apps. These are apps that come through the Marketplace. For now, we can not revoke permissions for the built-in apps (the permission set() call throws)," Braun said.
Related Stories
How KaiOS claimed the third-place mobile crown
In December 2015, Mozilla announced it would be abandoning Firefox OS as a smartphone platform. Many assumed the company's withdrawal would kill any hope of a mobile operating system built around the open web, rather than a combination of native apps and tightly-controlled storefronts. In the last few years, plenty of so-called "alternative" smartphone platforms, including Ubuntu Touch and Windows 10 Mobile, have faded into obscurity, too. Jolla has struggled on with Sailfish OS, but it's never felt like a true challenger to the Android and iOS duopoly. Three years later and a surprising competitor has emerged: KaiOS. The relative newcomer, which makes feature phones smarter, is already running on more than 80 million devices worldwide. How did it grow so big, so quickly? With a little help from Firefox OS.
[...] The operating system that emerged is quite different to Firefox OS. The user interface, for instance, is built around phones with physical keys and non-touch displays. The application icons are smaller and you'll often see a contextual strip at the bottom of the screen with physical input options such as "Cancel" and "Okay." KaiOS optimized the platform for low-end hardware -- it only requires 256MB of RAM to run -- and, crucially, kept support for modern connectivity such as 3G, 4G, WiFi, GPS and NFC.
Feature phones are normally associated with emerging markets such as India and Brazil. KaiOS, however, started in the US with the Alcatel-branded Go Flip. Codeville and his team persuaded AT&T, Sprint and T-Mobile to stock the handset because of their proven track record while working at TCL. Those deals then allowed the company to win a contract with Jio, a mobile network in India owned by a massive conglomerate called Reliance Industries. Together they built the JioPhone, a candybar-style device with a 2.4-inch display and 512MB of RAM. It was effectively given away with ultra-competitive 4G plans.
[...] Google Assistant was a particularly important addition. For many, voice is a faster way of typing than pecking a classic one-through-nine keypad with their thumbs. The Assistant talks back, too, which makes the platform viable for people with poor literacy skills.
Previously: $25 Firefox OS Smartphone Coming to India
Mozilla Adding Granular App Permissions to Firefox OS
Geeksphone Stops Support for FirefoxOS with No Warning
Mozilla to Cease Development of Firefox OS
The Story of Firefox OS
Google Invests $22 Million in the OS Powering Nokia Feature Phones
(Score: 1) by PiMuNu on Monday September 01 2014, @02:33PM
This is a great feature. Just trying to get something as simple as an MP3 player that could play Amazon downloaded files is a major headache, when I don't want to give it access to my soul. I guess I have been spoilt by linux where such things are available through repositories and "just work"...
(Score: -1, Troll) by Anonymous Coward on Monday September 01 2014, @02:38PM
This sounds useful, but it's relatively minor compared to the numerous other severe problems that plague Firefox OS. Firefox OS devices are hard to get, and the ones that do exist so far have really shitty specs. The Firefox OS software isn't very good. The development environment it provides is crippled, since JavaScript/HTML5/CSS are just barely usable for even the simplest of apps. Since nobody uses Firefox OS and the development environment is rather crappy, there are basically no useful apps for it. All in all, there's really nothing appealing about it. There's nothing that sets it apart from Android, iOS, and all of the other mobile OSes out there. And don't even get me started on how Firefox OS is supposedly more 'open' than other systems. The summary shows that isn't the case, because the permissions of the built-in apps apparently can't be limited. It's not 'open' if there are restrictions like that in place!
(Score: 2) by q.kontinuum on Monday September 01 2014, @03:04PM
The option to change app permissions after installation does set Firefox OS apart. And the devices have shitty aspect, but they are dirt cheap as well. Reg. JavaScript and HTML5: Did you see the VM implemented in JavaScript, capable to boot Linux? I agree you won't see high performance games, but functionality-wise a lot is possible.
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 3, Informative) by quacking duck on Monday September 01 2014, @04:20PM
I don't see how you figure that.
They are merely following what iOS, Blackberry and maybe others started years ago. iOS began app-specific location services settings in 2010 (maybe 2009), and as of last year's iOS7, granular access included cell data, contacts, calendars, reminders, photos, bluetooth and microphone. Recall that on iOS *all* app permissions are decided by the user *after* the app is installed.
Blackberry had a half-dozen user-controllable granular permissions even earlier, in 2010, with a smaller app permissions set at least since 2007.
It's Google Android, the mobile OS that built its reputation on giving users control over their own phone, that mind-bogglingly still refuses to give you control over an app's access to features, other than not installing it in the first place.
(Score: 2) by opinionated_science on Monday September 01 2014, @05:22PM
Yes, and excellent piece of programming!! In Javascript!!
And one of the many reasons DRM in HTML for anything other than verification is a bad, bad, bad, bad idea!!!!
Looking at you google....
(Score: 0) by Anonymous Coward on Monday September 01 2014, @03:42PM
The built in apps are fundamental to the operation of the phone, and are part of the OS. If you don't trust the built-in apps to behave properly, what the hell are you doing trusting Firefox OS to begin with? I think they imposed this restriction for practical purposes. What do you think would happen if you revoked the permissions on system level applications? You can do this on a rooted Android phone and it is very easy to wind up with an unusable device that has to be reflashed to get it working again or one that misbehaves in subtle ways. If you're a power user by all means experiment that way if you like, but this is a consumer device meant to be used by ordinary people who want to use their phones to do stuff, not fiddle with their settings. There is no conceivable reason why anyone not interested in modifying their phones would want to restrict the permissions on system level apps. If they were at that level they'd have more powerful ways of accomplishing what they want to do.
(Score: 0) by Anonymous Coward on Thursday September 04 2014, @07:15AM
Here's the (not so) anonymous coward that implemented the granular permissions thing: I agree that not trusting the OS kinda fails the point. And e.g. removing the "let me manage installed apps" from the Homescreen would leave you with a very unusable phone indeed. But there's also a very practical reason for not allowing you to reset permissions for the built-in apps: The call to setPermission() fails for the built-in apps. I just changed the settings app, not the whole permission model.
But if this is something people are heavily interested in, feel free to file a bug and let's discuss this on bugzilla.mozilla.org! :) I'd be happy to take this further. You can CC me on Bugzilla as fbraun(at)mozilla.com.
Thanks!
(Score: 0) by Anonymous Coward on Monday September 01 2014, @04:47PM
This only becomes useful if the phone owner can disable these functions, and applications cannot turn them back on surreptitiously. There are too many sleazy marketers doing things with people's phones over which they have no control. The default should be maximum security for the phone owner, and not free-for-all until I disable it.
(Score: 3, Insightful) by cafebabe on Monday September 01 2014, @05:24PM
I thought that app permissions were discredited. Popular apps, especially ones with social pressure, require a large number of permissions and leave the user with a take-it-or-leave-it proposition which may adversely affect their social standing.
I think a better solution is to provide all apps with fake data unless strictly necessary. So, an app has access to a fake calendar, a fake address book, fake co-ordinates [soylentnews.org], fake accelerometer input, fake microphone input and suchlike. The address book contains honeypot information. If it is determined that the honeypot information has been used by a app developer, the app is delisted from the app marketplace, the app is removed from infected phones and the app developer is contractually fined.
If it remains profitable for app developers to infringe privacy then they will continue to do it. Likewise for other motives.
1702845791×2