Facebook's Project Spartan - Tempest in a Broken Teapot

Friday, June 24, 2011

Rafal Los


Some interesting articles have surfaced lately regarding the ongoing Apple vs. Facebook war over 'apps'.

There are two specifically - this one and this one - that I'd like to reference here in this post.

While some analyses of the super-secret Project Spartan that Facebook is supposedly working on center around the Apple vs. Facebook apps war brewing - I think the focus is something else entirely.  

I think the focus, from a technology perspective, is HTMLv5.

As the TechCrunch article points out - things are about to get a lot more interesting in the mobile world. Here's my unprofessional rendering of what's really happening...


What you're seeing here is basically 3 "Apps" running on top of iOS. Each of these 3 requires iOS permission and gives iOS direct control, and by iOS I mean Apple.  Now, inside Safari, iOS loses control, somewhat.  

Safari is tasked with running under iOS's purview - but since Safari now supports HTMLv5 - that 'browser' is now capable of so much more than just HTML content.

Enter Facebook Apps.  

So it's become apparent that in the fight for control of 'users'... specifically on mobile devices - when the installable app battle is lost, the next logical step is to relocate that battle inside the browser. Interesting.

OK - so what does it all mean, and why do you care?

You care because now these 'apps' will have potential control and access to real money (Facebook Credits) and can really make your life interesting. The extensibility of HTMLv5 is mind-blowing... and this brings a cargo-ship load of security concerns.

Although, on the other hand... if we can contain all apps within the browser, we just have the one attack surface to secure, right? So all Apple has to do is secure Safari, and make sure it has no HTMLv5-related security issues. Easy!

I don't know about you - but every time I hear "the browser is the operating system" I die a little inside. Browser security being what it is, and HTMLv5 complexity being what it is... we're in for an interesting ride indeed.

If you still don't believe that web applications are taking over the world - pull your head out of your sandbox.

Cross-posted from Following the White Rabbit
