ubuntu-phone team mailing list archive

Thread
Date

Re: Avoiding spying via the microphone and camera [Was: Sharing dynamic informations between the user session and the greeter]

To: Matthew Paul Thomas <mpt@xxxxxxxxxxxxx>
From: Thomas Voß <thomas.voss@xxxxxxxxxxxxx>
Date: Mon, 10 Mar 2014 10:34:43 +0100
Cc: Jamie Strandboge <jamie@xxxxxxxxxxxxx>, Ubuntu Touch <ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <531D8588.1010807@canonical.com>

On Mon, Mar 10, 2014 at 10:27 AM, Matthew Paul Thomas <mpt@xxxxxxxxxxxxx> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jamie Strandboge wrote on 07/03/14 16:09:
>> ...
>>
>> This reminded me about how we are going to deal with an application
>> recording audio and video. (I don't want to get into a situation
>> where an app can be uploaded to the store to eavesdrop or spy on
>> users via the mic or camera).
>>
>> There are open bugs on this[1][2] and there is a nice summary in
>> comment #14 of LP: #1224756[3]. I don't think this ever made it to
>> the list, so I figured I'd both put the information out there and
>> ask a couple followup questions here.
>>
>> ...
>>
>> Matthew, by your comments in this thread it seems design requires a
>> visual cue in the lock screen if audio/video is recording (which
>> sounds ok to me). Is this accurate?
>
> Not just the lock screen, but a background app in any situation.
> That's an interesting design constraint: normally you'd expect the cue
> to provide access to return to the app, but in the lock screen it
> shouldn't.
>

As we do not allow applications running in the background (at least on
the phone/tablet), this applies to (trusted) helpers and their
operation. My understanding is that the indicators are responsible for
providing this sort of feedback to users.

With that: We do not have trusted helpers for recording of audio or
video. For that, a recording application is either in the foreground
and thus visible to the user, or in the background and stopped or
killed. The same applies for the lock screen: Only operations provided
by (trusted) helpers continue while the phone is locked. All regular
applications are stopped or killed when enetering the locked state.

Matthew/Jamie: Does that correspond to your understanding?

Cheers,

  Thomas

>> Are there designs for that and the other parts of summary point
>> '2' (I'm particularly curious about how we will handle fullscreen
>> apps)?
>
> Not as far as I know.
>
>> Is there a blueprint/work item for that and to implement the work
>> that you know of? (I'd like to subscribe)
>>
>> ...
>
> I wouldn't know, sorry, I gave up on using blueprints in 2012. :-)
>
> - --
> mpt
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.14 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlMdhYgACgkQ6PUxNfU6ecqjKQCbBVohtWaCmWjgNlYuOBKtVu7n
> nJcAn1jK6bjuGIgffO6HukAAVZnmoduy
> =geMo
> -----END PGP SIGNATURE-----

Follow ups

Re: Avoiding spying via the microphone and camera [Was: Sharing dynamic informations between the user session and the greeter]
From: Jamie Strandboge, 2014-03-11
Re: Avoiding spying via the microphone and camera [Was: Sharing dynamic informations between the user session and the greeter]
From: Matthew Paul Thomas, 2014-03-10

References

Avoiding spying via the microphone and camera [Was: Sharing dynamic informations between the user session and the greeter]
From: Jamie Strandboge, 2014-03-07
Re: Avoiding spying via the microphone and camera [Was: Sharing dynamic informations between the user session and the greeter]
From: Matthew Paul Thomas, 2014-03-10