New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 669107 link

Starred by 1 user
Status: Duplicate
Owner: ----
Closed: Nov 2016
Cc:
avayvod@chromium.org
dalecur...@chromium.org
mlamouri@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Android
Pri: 3
Type: Bug-Regression



Sign in to add a comment

Incognito media playback notifications persist device-wide, leaking website and

Project Member Reported by fischman@chromium.org, Nov 28 2016 
PRIVACY ISSUE
<video>/<audio> playback triggers a notification for the duration of playback.  These notifications are viewable in the notifications log for a while after the incognito tab (and chrome) are closed, potentially leaking privacy-sensitive info.
IMO incognito playbacks should prefer to preserve privacy (by not showing a notification) over the usability enhancement of having the persistent notification during playback.  (note that the Incongito notification will still show, and that's maybe also problematic, but seems like a different issue)

VERSION:
Chrome Version: 54.0.2840.85 stable
Operating System: Android NDE63V (and at least also on M, but probably all the way back to JB 4.3)

REPRODUCTION STEPS
- browse in incognito mode
- play a youtube video, at least long enough for the notification to show
- close all incognito tabs, side-swipe-kill chrome from Recents

Expect: no evidence of the video playback remains on device
Actual: Notification Log shows the following info until its flushed from the log's queue (by enough other notifications being shown later) or until device restart.

Johny Johny Yes Papa and Many More Videos | Popular Nursery Rhymes Collection by ChuChu TV - YouTube [Mon Nov 28 09:51:13 PST 2016]
Chrome
pkg: com.android.chrome
key: 0|com.android.chrome|2131558444|null|10056
icon: Icon(typ=RESOURCE pkg=com.android.chrome id=0x7f020053)
sound: none
vibrate: none
visibility: PRIVATE
priority: DEFAULT
intent: Intent(pkg=com.android.chrome (activity))
delete intent: Intent(pkg=com.android.chrome)
actions
  0 title: Play
    intent: Intent(pkg=com.android.chrome)
extras
  android.title: Johny Johny Yes Papa and Many More Videos | Popular Nursery Rhymes Collection by ChuChu TV - YouTube
  android.subText: https://m.youtube.com
  android.template: android.app.Notification$MediaStyle
  android.showChronometer: false
  android.text: 
  android.progress: 0
  android.progressMax: 0
  android.showWhen: false
  android.infoText: null
  android.originatingUserId: 0
  android.progressIndeterminate: false
  android.remoteInputHistory: null
  android.compactActions: [I@eb05996
parcel size: 1760 ashmem: 0

Comment 1 by dalecur...@chromium.org, Nov 28 2016

Cc: avayvod@chromium.org mlamouri@chromium.org
Thanks for filing. It seems like we need to disable the media session API in incognito mode or at least sanitize the title in these cases.

Comment 2 by mlamouri@chromium.org, Nov 29 2016

Mergedinto: 629887
Status: Duplicate (was: Untriaged)

Sign in to add a comment