2013-09-13 02:09:53 |
Jamie Strandboge |
bug |
|
|
added bug |
2013-09-13 02:10:09 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Saucy |
|
2013-09-13 02:10:09 |
Jamie Strandboge |
bug task added |
|
pulseaudio (Ubuntu Saucy) |
|
2013-09-13 02:11:52 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): importance |
Undecided |
High |
|
2013-09-13 02:12:33 |
Jamie Strandboge |
bug task added |
|
indicator-sound (Ubuntu) |
|
2013-09-13 02:17:59 |
Jamie Strandboge |
indicator-sound (Ubuntu Saucy): status |
New |
Confirmed |
|
2013-09-13 02:18:04 |
Jamie Strandboge |
indicator-sound (Ubuntu Saucy): status |
Confirmed |
New |
|
2013-09-13 02:23:42 |
Jamie Strandboge |
description |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere. |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere. Note, this must happen via the out of process pulseaudio server and not the confined app itself to be effective. |
|
2013-09-13 09:23:08 |
Lars Karlitski |
bug |
|
|
added subscriber Lars Uebernickel |
2013-09-13 09:30:49 |
Matthew Paul Thomas |
bug |
|
|
added subscriber Matthew Paul Thomas |
2013-09-13 11:54:44 |
Jamie Strandboge |
description |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere. Note, this must happen via the out of process pulseaudio server and not the confined app itself to be effective. |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, this must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
|
2013-09-13 12:05:04 |
Jamie Strandboge |
description |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, this must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
|
2013-09-13 17:42:18 |
David Henningsson |
pulseaudio (Ubuntu Saucy): status |
Triaged |
Invalid |
|
2013-09-14 07:44:17 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto MURATA |
2013-09-18 12:36:29 |
Matthew Paul Thomas |
indicator-sound (Ubuntu Saucy): assignee |
|
Matthew Paul Thomas (mpt) |
|
2013-09-18 12:36:32 |
Matthew Paul Thomas |
indicator-sound (Ubuntu Saucy): status |
New |
Incomplete |
|
2013-09-25 13:49:37 |
Matthew Paul Thomas |
indicator-sound (Ubuntu Saucy): status |
Incomplete |
In Progress |
|
2013-09-25 13:51:48 |
Matthew Paul Thomas |
indicator-sound (Ubuntu Saucy): status |
In Progress |
Triaged |
|
2013-09-25 13:51:48 |
Matthew Paul Thomas |
indicator-sound (Ubuntu Saucy): assignee |
Matthew Paul Thomas (mpt) |
|
|
2013-09-25 14:29:52 |
Marc Deslauriers |
bug |
|
|
added subscriber Marc Deslauriers |
2013-09-25 16:01:33 |
Jamie Strandboge |
summary |
pulseaudio should give a visual indication when it is recording |
pulseaudio should indicate to the user it is recording |
|
2013-09-25 16:03:06 |
Jamie Strandboge |
summary |
pulseaudio should indicate to the user it is recording |
pulseaudio should indicate to the user it is accessing the microphone |
|
2013-09-25 16:09:32 |
Jamie Strandboge |
description |
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
Currently the 'audio' policy group allows access to pulseaudio which allows apps to use the microphone and eavesdrop on the user. Pulseaudio needs to be modified to use trust-store, like location-service does. Integrating with trust-store means that when an app tries use the microphone via pulseaudio, pulseaudio will contact trust-store, the trust-store will prompt the user ("Foo wants to use the microphone. Is this ok? Yes|No"), optionally cache the result and return the result to pulseaudio. In this manner the user is given a contextual prompt at the time of access by the app. Using caching this decision can be remembered the next time. If caching is used, there should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a reusable form yet.
Original description:
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
|
2013-09-25 16:09:44 |
Jamie Strandboge |
bug task deleted |
indicator-sound (Ubuntu) |
|
|
2013-09-25 16:09:53 |
Jamie Strandboge |
bug task deleted |
indicator-sound (Ubuntu Saucy) |
|
|
2013-09-25 16:10:01 |
Jamie Strandboge |
nominated for series |
|
Ubuntu T-series |
|
2013-09-25 16:10:01 |
Jamie Strandboge |
bug task added |
|
pulseaudio (Ubuntu T-series) |
|
2013-09-25 16:10:09 |
Jamie Strandboge |
pulseaudio (Ubuntu Saucy): status |
Invalid |
Won't Fix |
|
2013-09-25 16:10:19 |
Jamie Strandboge |
pulseaudio (Ubuntu T-series): importance |
Undecided |
High |
|
2013-09-25 16:10:34 |
Jamie Strandboge |
summary |
pulseaudio should indicate to the user it is accessing the microphone |
pulseaudio should integrate with trust-store |
|
2013-10-17 17:10:55 |
Launchpad Janitor |
pulseaudio (Ubuntu T-series): status |
New |
Confirmed |
|
2013-10-21 20:00:05 |
Berica Cretu |
summary |
pulseaudio should integrate with trust-store |
Pulseaudio should integrate with trust-store |
|
2014-04-04 13:55:18 |
Daniel Holbach |
bug |
|
|
added subscriber Daniel Holbach |
2014-06-13 06:20:16 |
David Henningsson |
bug |
|
|
added subscriber David Henningsson |
2014-06-13 15:13:40 |
Jamie Strandboge |
nominated for series |
|
Ubuntu Utopic |
|
2014-06-13 15:13:40 |
Jamie Strandboge |
bug task added |
|
pulseaudio (Ubuntu Utopic) |
|
2014-06-13 15:13:55 |
Jamie Strandboge |
pulseaudio (Ubuntu Trusty): status |
Confirmed |
Won't Fix |
|
2014-06-13 15:13:59 |
Jamie Strandboge |
pulseaudio (Ubuntu Utopic): status |
Invalid |
Triaged |
|
2014-06-13 15:41:46 |
Jamie Strandboge |
tags |
application-confinement |
application-confinement rtm14 |
|
2014-07-31 14:30:28 |
Jamie Strandboge |
pulseaudio (Ubuntu Utopic): importance |
High |
Critical |
|
2014-07-31 14:33:15 |
Jamie Strandboge |
bug task deleted |
pulseaudio (Ubuntu Saucy) |
|
|
2014-07-31 14:33:41 |
Jamie Strandboge |
bug task deleted |
pulseaudio (Ubuntu Trusty) |
|
|
2014-07-31 14:35:45 |
Jamie Strandboge |
bug task deleted |
pulseaudio (Ubuntu Utopic) |
|
|
2014-09-25 18:15:21 |
Ricardo Salveti |
pulseaudio (Ubuntu): assignee |
|
Ricardo Salveti (rsalveti) |
|
2014-09-25 18:15:58 |
Ricardo Salveti |
tags |
application-confinement rtm14 |
application-confinement rtm14 touch-2014-10-9 |
|
2014-10-02 15:31:12 |
Michael Frey |
tags |
application-confinement rtm14 touch-2014-10-9 |
application-confinement rtm14 touch-2014-10-23 |
|
2014-10-30 18:59:21 |
Olli Ries |
tags |
application-confinement rtm14 touch-2014-10-23 |
application-confinement ota-1 rtm14 |
|
2014-11-26 18:57:29 |
Olli Ries |
canonical-devices-system-image: importance |
Undecided |
High |
|
2014-11-26 18:57:29 |
Olli Ries |
canonical-devices-system-image: status |
New |
Confirmed |
|
2014-11-26 18:57:29 |
Olli Ries |
canonical-devices-system-image: milestone |
|
r1 |
|
2014-11-26 18:57:29 |
Olli Ries |
canonical-devices-system-image: assignee |
|
Canonical Devices Products (canonical-devices-products-team) |
|
2014-12-05 13:33:45 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww51-2014 |
ww03-2015 |
|
2015-01-14 18:52:03 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww03-2015 |
ww05-2015 |
|
2015-01-16 17:55:39 |
Gio |
bug |
|
|
added subscriber Gio |
2015-01-28 16:14:48 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww05-2015 |
ww09-2015 |
|
2015-01-28 16:16:35 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww09-2015 |
ww07-2015 |
|
2015-02-12 19:53:26 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww07-2015 |
ww09-2015 |
|
2015-02-12 21:31:44 |
Pat McGowan |
canonical-devices-system-image: assignee |
Canonical Devices Products (canonical-devices-products-team) |
Michael Frey (mfrey) |
|
2015-03-10 19:39:06 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww09-2015 |
ww13-2015 |
|
2015-03-10 19:49:41 |
Ricardo Salveti |
canonical-devices-system-image: assignee |
Michael Frey (mfrey) |
Canonical Phone Foundations (canonical-phonedations-team) |
|
2015-03-19 05:50:37 |
Winael |
bug |
|
|
added subscriber Winael |
2015-03-23 11:31:34 |
Rex Tsai |
bug |
|
|
added subscriber Rex Tsai |
2015-04-13 19:32:33 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww13-2015 |
ww17-2015 |
|
2015-04-23 13:17:35 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww17-2015 |
ww21-2015 |
|
2015-06-11 09:22:31 |
John McAleely |
canonical-devices-system-image: assignee |
Canonical Phone Foundations (canonical-phonedations-team) |
John McAleely (john.mcaleely) |
|
2015-06-11 13:29:54 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww21-2015 |
ww28-2015 |
|
2015-06-11 15:41:21 |
John McAleely |
bug |
|
|
added subscriber John McAleely |
2015-06-25 10:13:30 |
John McAleely |
pulseaudio (Ubuntu): assignee |
Ricardo Salveti (rsalveti) |
|
|
2015-06-29 13:52:51 |
Matthew Paul Thomas |
description |
Currently the 'audio' policy group allows access to pulseaudio which allows apps to use the microphone and eavesdrop on the user. Pulseaudio needs to be modified to use trust-store, like location-service does. Integrating with trust-store means that when an app tries use the microphone via pulseaudio, pulseaudio will contact trust-store, the trust-store will prompt the user ("Foo wants to use the microphone. Is this ok? Yes|No"), optionally cache the result and return the result to pulseaudio. In this manner the user is given a contextual prompt at the time of access by the app. Using caching this decision can be remembered the next time. If caching is used, there should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a reusable form yet.
Original description:
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough). |
Currently the 'audio' policy group allows access to pulseaudio which allows apps to use the microphone and eavesdrop on the user. Pulseaudio needs to be modified to use trust-store, like location-service does. Integrating with trust-store means that when an app tries use the microphone via pulseaudio, pulseaudio will contact trust-store, the trust-store will prompt the user ("Foo wants to use the microphone. Is this ok? Yes|No"), optionally cache the result and return the result to pulseaudio. In this manner the user is given a contextual prompt at the time of access by the app. Using caching this decision can be remembered the next time. If caching is used, there should be a method to change the decision in settings.
Targeting to T-Series for now, since the trust-store is not in a reusable form yet.
Original description:
David and the security team (inspired by an observation from Rick) discussed that when recording, pulseaudio should somehow unobtrusively show the user that it is recording. The easiest thing to do would be for pulseaudio to alert indicator-sound which would then turn its icon red (similar to indicator-message turning blue with new messages). Marking 'high' because apps with access to pulseaudio can currently eavedrop on users. If the app is allowed to do networking (the default for apps), then it can ship that information off to a server somewhere.
Note 1, the alert to indicator-sound must happen via the out of process pulseaudio server and not the confined app itself to be effective.
Note 2, we should consider how to enforce this for foreground apps only. Application lifecycle should probably handle this for 13.10 (apps are suspended if not in foreground or if the screensaver is on), but we don't want an app on the converged device to record in the background when the user isn't paying attention. Example eavesdropping attack: start recording only when the screensaver is on (perhaps inhibiting the screensaver during recording would be enough).
<https://wiki.ubuntu.com/AccountPrivileges#Phone>: "On the phone, if an app tries to access your ... microphone ... or video recording, this should be subject to permission. “Video recording” should be separate from “Camera” so that an app does not need two permissions when recording video, one for the camera and one for the microphone. If an app has permission to record video, it should have access to the microphone whenever it is recording video..." |
|
2015-07-02 12:51:27 |
Matthew Paul Thomas |
tags |
application-confinement ota-1 rtm14 |
application-confinement lorcha ota-1 rtm14 |
|
2015-07-07 18:34:14 |
Pat McGowan |
canonical-devices-system-image: milestone |
ww28-2015 |
ww34-2015 |
|
2015-07-15 14:41:48 |
David Henningsson |
pulseaudio (Ubuntu): status |
Triaged |
In Progress |
|
2015-07-15 14:41:51 |
David Henningsson |
pulseaudio (Ubuntu): assignee |
|
David Henningsson (diwic) |
|
2015-07-21 09:29:49 |
John McAleely |
canonical-devices-system-image: status |
Confirmed |
In Progress |
|
2015-08-14 16:51:00 |
John McAleely |
canonical-devices-system-image: importance |
High |
Critical |
|
2015-08-19 14:35:27 |
John McAleely |
pulseaudio (Ubuntu): status |
In Progress |
Fix Released |
|
2015-08-19 14:35:32 |
John McAleely |
canonical-devices-system-image: status |
In Progress |
Fix Committed |
|
2015-08-31 15:17:27 |
Pat McGowan |
canonical-devices-system-image: status |
Fix Committed |
Fix Released |
|
2016-06-13 19:06:35 |
Andrey Skvortsov |
bug |
|
|
added subscriber Andrey Skvortsov |
2021-09-09 17:08:43 |
Fly Wave |
bug |
|
|
added subscriber Fly Wave |
2021-09-09 17:09:18 |
Fly Wave |
removed subscriber Fly Wave |
|
|
|