GPS location

Added by JB Hétier over 5 years ago

Hello,

Could the GPS location be made available for sites, with a toggle just like javascript or DOM storage?

Replies (2)

RE: GPS location - Added by Soren Stoutner over 5 years ago

GPS location information requires the addition of the location dangerous permissions

https://developer.android.com/guide/topics/permissions/overview#dangerous_permissions

https://developer.android.com/reference/android/Manifest.permission#ACCESS_COARSE_LOCATION

https://developer.android.com/reference/android/Manifest.permission#ACCESS_FINE_LOCATION

From time to time there are vulnerabilities in WebView.

https://labs.mwrinfosecurity.com/blog/webview-addjavascriptinterface-remote-code-execution/

My guess is that there are a lot of unpatched 0-day vulnerabilities in WebView being actively exploited in the wild. Once the dangerous location permissions are granted to the app, any website that can exploit a WebView vulnerability would be able to track your location, regardless of whether the app enabled or disabled the setting. For that reason I never intend to add the location permissions.

PS. This is somewhat related to how the NSA uses 0-day exploits in Firefox to track people using Tor.

https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

RE: GPS location - Added by JB Hétier over 5 years ago

Thanks for the detailed reply!

(1-2/2)

Project

General

Profile

Privacy Browser Android

GPS location

Replies (2)

RE: GPS location - Added by Soren Stoutner over 5 years ago

RE: GPS location - Added by JB Hétier over 5 years ago