Issue 837852

Issue metadata

Status: Assigned
OS: Android
Pri: 3
Type: Task

Invoke PSB#querySafeBrowsingUserConsent's callback with some default value upstream

Project Member Reported by ntfschr@chromium.org, Apr 27 2018

Issue description

Right now, the upstream implementation [1] does not invoke the callback. It would be better if the upstream implementation always invoked the callback with some sensible default, and we guaranteed that the callback will always be invoked.

It's important that we continue to treat Safe Browsing as opted-in for AOSP devices, otherwise we can't have meaningful CTS tests. This behavior is essentially harmless, because AOSP devices only check the hardcoded Safe Browsing URLs (chrome://safe-browsing/match?type=malware and =phishing). So, I propose we invoke the callback with "true" and leave a comment explaining why this is.

[1] https://cs.chromium.org/chromium/src/android_webview/java/src/org/chromium/android_webview/PlatformServiceBridge.java?l=57&rcl=087ef223ac784ad99fbe4bab0cd426071bf81b24
 
Proposed alternative: invoke this with `false` upstream (assume the user has not consented), go through the upstream parts of the safe browsing pipeline anyway (to support hardcoded URLs), and abort before entering GMS-related code if the user has not consented.

For AOSP builds: we can implement this with an upstream SafeBrowsingApiHandler implementation.

For Google builds: we can continue to use the downstream SafeBrowsingApiHandler, but we need a way to abort before entering downstream if the user has not consented. This could be an extra method: `boolean SafeBrowsingApiHandler#hasUserConsent()`
Labels: -Type-Bug Type-Task
Code cleanup
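
The proposed alternative from this thread, modelled as an added example (not Chromium code and not written by the participants): the upstream bridge always invokes the callback with `false`, the hardcoded URLs are still matched upstream, and the check aborts before the downstream handler when there is no consent. `ConsentGateExample`, `UpstreamBridge`, `ApiHandler`, `lookupIsThreat`, `Verdict` and the `Consumer<Boolean>` callback type are hypothetical stand-ins; only `hasUserConsent()` and the two URLs come from the thread.

```java
import java.util.Set;
import java.util.function.Consumer;

// Simplified, hypothetical model of the proposed alternative; not Chromium code.
public class ConsentGateExample {
    // The two hardcoded test URLs named in the issue description.
    static final Set<String> HARDCODED = Set.of(
            "chrome://safe-browsing/match?type=malware",
            "chrome://safe-browsing/match?type=phishing");

    /** Stand-in for the upstream PlatformServiceBridge default. */
    static class UpstreamBridge {
        void querySafeBrowsingUserConsent(Consumer<Boolean> callback) {
            // Assume no consent upstream, but never leave the caller waiting.
            callback.accept(false);
        }
    }

    /** Stand-in for SafeBrowsingApiHandler with the proposed extra method. */
    interface ApiHandler {
        boolean hasUserConsent();
        boolean lookupIsThreat(String url); // downstream (GMS-backed) lookup
    }

    enum Verdict { BLOCKED_HARDCODED, BLOCKED_REMOTE, ALLOWED, SKIPPED_NO_CONSENT }

    static Verdict check(String url, ApiHandler handler) {
        // The upstream part of the pipeline runs regardless of consent.
        if (HARDCODED.contains(url)) return Verdict.BLOCKED_HARDCODED;
        // Abort before entering downstream code if the user has not consented.
        if (!handler.hasUserConsent()) return Verdict.SKIPPED_NO_CONSENT;
        return handler.lookupIsThreat(url) ? Verdict.BLOCKED_REMOTE : Verdict.ALLOWED;
    }

    public static void main(String[] args) {
        boolean[] consent = new boolean[1];
        new UpstreamBridge().querySafeBrowsingUserConsent(v -> consent[0] = v);

        ApiHandler handler = new ApiHandler() {
            public boolean hasUserConsent() { return consent[0]; }
            public boolean lookupIsThreat(String url) {
                // Reaching this without consent would be the bug the gate prevents.
                throw new IllegalStateException("downstream reached without consent");
            }
        };
        System.out.println(check("chrome://safe-browsing/match?type=malware", handler));
        System.out.println(check("https://example.test/", handler)); // constructed URL
    }
}
```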