Hacker News new | past | comments | ask | show | jobs | submit login

On top of this, Firefox for Android now demands access to your contacts list. The browser itself has no need for your contacts list. But Mozilla Sync and Pocket do.



Actually, it's access to "Your accounts" that Firefox for Android now wants. That's for "Sync", or so they say.

A browser shouldn't have access to your accounts. That opens up a big attack surface.


Actually, it seems to be to implement the "Contacts API": https://bugzilla.mozilla.org/show_bug.cgi?id=857730

https://hg.mozilla.org/mozilla-central/rev/1d77c3062662

Note that it's only enabled in Nightlies with no plans to ship.


Is that in Nightly?

https://support.mozilla.org/en-US/kb/how-firefox-android-use...

Doesn't list that permission. I see no reason why Pocket or Sync would require that permission, although Hello likely does.


Thank you for pointing out this possible problem. Must keep eyes open. It is disappointing that it is necessary.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: