summaryrefslogtreecommitdiff
path: root/docs/html/sdk/api_diff/22/changes
diff options
context:
space:
mode:
authorSvet Ganov <svetoslavganov@google.com>2016-07-14 16:08:09 -0700
committerSvetoslav Ganov <svetoslavganov@google.com>2016-07-14 19:16:42 -0700
commitb3b22cba86dd6e010c5fac3d044990f155a33381 (patch)
treeddff80942ca87ec316162c461d8895d9c0d06482 /docs/html/sdk/api_diff/22/changes
parent185131442ba9f2356e12ee66f2048f8d91316d34 (diff)
Prevent apps to overlay other apps via toast windows
It was possible for apps to put toast type windows that overlay other apps which toast winodws aren't removed after a timeout like toasts are. Now to add a toast window one needs to have a special token. The token is added by the notificatoion manager service only for the lifetime of the shown toast and is then removed including all windows associated with this token. This prevents apps to add arbitrary toast windows. The token is passed in the app domain in the request to construt and add the toast window which allows a bad app to add arbitrary toast windows. However, this is fine since the token will be invalided and all of its windows removed after the toast for which it was create times out. We do not care of braking apps that add toast windows directly due to the security and privacy implications of arbitrary UI redressing. Also we have dedicated Toast APIs which are the way to add this time of UI. bug:30150688 Change-Id: I65372c81a791489de89fb2886cc96392c28680bb
Diffstat (limited to 'docs/html/sdk/api_diff/22/changes')
0 files changed, 0 insertions, 0 deletions