How much do you trust your browser when you are surfing the internet on a mobile phone using Safari, Chrome, Opera or Firefox? Perhaps, you feel secure as long as you do not download suspicious files, or enter your secret passwords onto unknown websites. You may feel even more secure by closing the browser and locking the phone.
We reported the results of this research to the W3C community and mobile browser vendors including Mozilla, Opera, Chromium and Apple. We are grateful to their quick and constructive feedback, which is summarized below:
- W3C: “This would be an issue to address for any future iterations on this [W3C] document”.
- Mozilla: “Indeed, and it should be fixed consistently across all the browsers and also the spec [W3C specification] needs to be fixed.”
- Chrome: “It [i.e. this research] sounds like a good reason to restrict it [i.e. sensor reading] from iframes”.
- Opera: “Opera on iOS giving background tabs access to the events does seem like an unwanted bug”.
- Safari: “We have reviewed your paper and are working on the mitigations listed in the paper.”
An earlier version of the paper was presented in AsiaCCS’15 and a journal version is published in JISA (Elsevier). Please feel free to leave comment or contact me (firstname.lastname@example.org) if you have any questions about this research project.