Security/privacy considerations

[lknik]

Please find below the security/privacy considerations. I tried to think broadly. I am also aware of #4, but the considerations proposed below are broad enough to include this issue.

Proximity Sensor provides information about the distance between an object (such as the user) and the device. As such, it reports the information environmental information, as well as the device use patterns. Among the privacy risks are: information leaks and behavioral analysis.

Information leaks may arise as a result of the proximity sensor readout analysis. Distance between the user and a device might be distinctive and help to differentiate between users; a similar comment applies to the frequency of the distance changes. In this case, behavioral analysis resulting from the analysis of users’ patterns of use.

Possibility of using the values of max and distance as short-lived identifiers cannot be ruled out. The consequences are unexpected.

Recommendations follow.

The user agent MUST expose adequately discretized and minimized distance values.

The user agent MUST inform the user about the current and past use patterns of the API.