| API | Description | Contact | Secreviewer | SecReview Page | SecReview Bug | Notes |
|---|---|---|---|---|---|---|
| Screen Orientation | Get notification when screen orientation changes as well as control which screen orientation a page/app wants. | | | https://wiki.mozilla.org/Security/WebAPI/ScreenOrientationAPI | | Very simple API, no permissions involved. Similar risks to accelerometer (this is just a slight extension of accelerometer) |
| Camera API (Mediastream API?) | Access to the camera to capture images or video stream. | | | Is there prior work here? If not, a fresh review is here: https://wiki.mozilla.org/Security/WebAPI/Camera_API | | Use cases still being discussed, but should be proactive since this is very large and complicated. Relates closely to mediastream, getUserMedia and WebRTC (i.e., stream access, not just a photo, video clip or audio clip) |
| Open WebApps | Install web apps and manage installed webapps. Also allows an installed webapp to get payment information. Everything needed to build an Open WebApps app store. | | dchan? rforbes? | https://wiki.mozilla.org/Security/WebAPI/OWA_API | | B2G Implementation of Navigator.mozApps mainly. |
| WebTelephony | Allow placing and answering phone calls as well as build in-call UI. | | ptheriault | https://wiki.mozilla.org/Security/WebAPI/Web_Telephony | https://bugzilla.mozilla.org/show_bug.cgi?id=747292 | Telephone UI, similar to SMS. |
| WebSMS | Send/receive SMS messages as well as manage messages stored on device. | | ptheriault | https://wiki.mozilla.org/Security/WebAPI/WebSMS | | Meeting done, actions being completed |
| Browser API | Enables implementing a browser completely in web technologies. | | | https://wiki.mozilla.org/Security/B2G/Browser_API | | The B2G browser is an iframe of type mozbrowser (e.g. `<iframe mozbrowser>`). This is a special frame that allows a web app to behave like a browser. A lot of security review and testing is likely needed to validate the design and assumptions of this. |
| Settings API | Set system-wide configurations that are saved permanently on the device. | | | https://wiki.mozilla.org/Security/WebAPI/Settings_API | | API to make global settings changes etc. Will depend on permissions model - need to catalogue and review approach. |
| Socket API | Low-level TCP socket API. Will also include SSL support. | | ptheriault | https://wiki.mozilla.org/Security/WebAPI/Socket_API | | Expose TCP/IP sockets to web content. Similar issues to the ones Web Sockets attempt to mitigate. |
| RIL/WebTelephony: Emergency calls; RIL: MMS support; RIL: SIM lock; RIL: STK support; RIL: Network Manager; RIL: 3G configuration; RIL/WebTelephony: multiprocess support; RIL: support CDMA | https://bugzilla.mozilla.org/show_bug.cgi?id=714973; https://bugzilla.mozilla.org/show_bug.cgi?id=713471; https://bugzilla.mozilla.org/show_bug.cgi?id=731786; https://bugzilla.mozilla.org/show_bug.cgi?id=b2g-stk; https://bugzilla.mozilla.org/show_bug.cgi?id=717122; https://bugzilla.mozilla.org/show_bug.cgi?id=741862; https://bugzilla.mozilla.org/show_bug.cgi?id=743008 | vicamo / price / kanru / yoshi / philikon / jaoo (telefonica); hsinyi | | https://wiki.mozilla.org/Security/WebAPI/RIL | | The RIL appears to be done out of Taiwan. Need to determine what parts need reviewing |
| Gaia Apps | | | | https://wiki.mozilla.org/Security/B2G/Gaia_Apps | | The Gaia apps all need web app testing. Currently investigating best option for testing (B2G Desktop or Emulator) |