From MozillaWiki
Jump to: navigation, search
Draft-template-image.png THIS PAGE IS A WORKING DRAFT Pencil-emoji U270F-gray.png
The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly.
If you have any questions or ideas, please add them as a new topic on the discussion page.

Note: Please don't edit. Contact Mike Hanson and Ragavan Srinivasan if you have questions.

Platform Support for In-Firefox Apps

Core platform

  • In-Firefox application management
    • List, organize, delete
    • Support for multiple installs by different users?
    • Whitelist trusted stores
      • Option for user to add to whitelist?
    • Apps display in AwesomeBar
    • Interactive, attractive dashboard for mouse-oriented systems
    • Interactive, attractive dashboard for touch-oriented systems
    • Whitelist of trusted dashboards
      • UI to allow user to add to, and remove from, dashboard whitelist
    • Improved integration with about:permissions?
    • Bulk reinstall from trusted stores
    • Store list of trusted stores
      • UI to display list of stores, add, remove
      • API to ping stores for updates
  • Privilege Escalation
    • More storage for IndexedDB and app cache
    • Replace context menus
    • Check protocol/content-type handling
    • Capture mouse events
    • Go fullscreen with fewer restrictions
    • Get device info about battery, bandwidth, ?
    • Create persistent workers
    • Register as protocol or content-type handler after prompt
    • Allow addition of App specific menus (e.g. Twitter App can add a tweet, retweet etc. menu)
  • Integration with about:permissions to explain when extra permissions are granted to an app
  • Device access
    • Camera
    • Microphone
    • GPS/Geolocation
    • Accelerometer
    • USB
    • Bluetooth
    • NFC
  • Web Activities/Intents
    • Registration and list
    • UI for mediation, just-in-time install
    • Resource-management issues: panel per tab, panel per window, on-demand panels
      • Clean up resource associated with panels appropriately (harder with slow requests)
    • Support for login/credential management from mediator
    • Built-in mediators for
      • Share
      • GetProfile
      • GetContacts
  • Sync mechanism for Apps
  • Blocklist for known bad-actor apps?
  • Integration with notification service for about:home or other chrome?
  • Discover Apps as you browse the web

Platform Support for "Standalone" Apps

Core Platform

  • Domain-pinning - return to browser for out-of-app links
    • Exception list for (e.g.) federated login
  • Multi-process profile management
    • Access cookies, local storage, more? in external process back to core profile?
  • Detection of apps deleted from OS, or deleted from browser; synchronize?


  • Creation of APK for launcher integration?
  • Widget for launcher integration
  • Execution of Fennec in full-screen/chromeless mode
  • Integration with OS-level Intents registry


  • Integration with Windows shell as proper application
  • Document type association
  • Task bar icon
    • Task bar icon badging
  • Jump list
  • Support for both MDI and SDI modes
    • Multi-window application handling, including inter-window state and messaging
  • Floating window/palette support
  • A10Y?
  • Toast notification


  • Creation of .app bundle with icon, document types
  • Proper Application menu
  • Support for dynamic menu construction
  • Correct handling of system-level Open, Print, Quit, return-to-focus, Expose/Mission Control events
  • Multi-window application handling, including inter-window state and messaging (App Delegate support)
  • Floating window/palette support
  • A10Y?
  • Growl notification


  • TBD - focus on small number of distros? pick one window manager for now?



Application Catalog

  • List by Category, Search
  • Detail page
    • Display of licensing data, privacy policy, other attributes
    • Reviews and rating
    • Display of required characteristics (see Compatibility System)
  • Trending apps
    • By geography, free/paid, social?
  • Try an app before buying

User Application Management

  • Maintain list of user's chosen apps
    • Provide access to list by trusted third parties (e.g. OAuth?)
    • Provide option for public list
  • Maintain list of "active" apps (when I delete, it should stop appearing)
  • Detect when browser and store are out-of-date and offer to recover
    • Trigger bulk reinstall if needed
    • Notice purchased-but-not-installed apps
    • Use timestamps to deal with client-side deletes?
  • "Visitor" mode - get to my apps when I'm on a machine that is not my own
  • Support for public lists of apps ("collections")

Browser Compatibility system

  • Construction of feature list
  • Construction of per-User Agent feature compatibility matrix
  • Filtering of category, search, detail by browser compatibility
    • By default, users should see only apps that work with their current user agent
      • Particular attention to touch-friendly apps
    • Option to display all apps, including non-functional ones
  • Support for resolution/display size limits
    • Extraction of CSS media data from page?

Payment processing system

  • Basic transaction storage
    • Pay keys, correlation IDs, timestamps
  • IPN receiver endpoint
    • Store payment clearance confirmation, timestamps
  • Preapproval key generation flow
  • Preapproval storage
    • Preapproval key
    • Presence of PIN
    • Preapproval revokation
  • Basic (non-preapproved) payment flow
  • Preapproval failure flow (expired, limit reached, wrong currency) - fall to basic or re-preapprove?
  • Transaction failure flow
    • IPN notification of payment failure?
  • Subscription/funding plan flow
    • Payment-processor supporting funding plan vs. store-managed payments?
  • In-application payments
    • Through an activity
      • Preapproved case is fairly straightforward
      • Non-preapproved case involves numerous difficult UX corners
    • Through a web-based redirect (clunky)
    • Through an instant notification (nice; harder to scale)

Developer-facing features

  • Application submission and post-submission editing, including L10N
  • Application pricing control
    • Regional pricing?
    • Support for promotional codes?
  • Application detail page metrics
    • Visits, installs, search terms, inbound traffic analysis
  • Transaction reports
  • Bulk notification system (e.g. push a message to all users)

Application review

  • Workflow, user-initiated compaints, escalation, DMCA takedown process, appeal and reinstatement process
  • Coordination with Safe Browsing API and/or app blocklist for malware/bad actors

Recommendation Engine

  • Application recommendation engine (server-side)
    • Based on application similarity
    • Based on user-selected installs
    • Based on public lists of user-selected installs (other users)
  • Social activity recommendation engine (client-side, linked to social activity stream)

Purchase and Receipt Management

  • Maintain list of user purchases
  • Generate receipts as needed
    • Sign receipts using high-value private key, at high volume (HSM needed)
  • System to manage refund requests from developers
  • System to manage payment reversals
    • Do we need to deal with receipt revocation? If so, how?

Client Platform Support

  • Firefox Desktop
    • Check for missing/new apps on load
  • Firefox Mobile
    • Check for missing/new apps on load
  • Mobile Safari
    • Prompt and animation for "add to home screen"
      • For store
      • For apps
    • If an app is installed, convert landing screen to launcher + "get more"
    • HTML5 application storage should be 100% served from cache
  • IE[6-9], Chrome, desktop Safari
    • TBD
  • Android Browser
    • TBD

Developer Libraries

  • launch.js
    • determine if app is installed; offer to install if not
    • determine if receipt is present; offer to visit store if not
    • if receipt is present, deliver to server for validation
  • server validation logic in
    • Python
    • PHP
    • Java, ASP, Ruby, node, bash script?

Social Activity Stream

  • Service to maintain BrowserID-keyed queue of application events
  • DOM API to inject events into queue
  • Server-based access control system to provide access to events to other BrowserID-keyed users
  • DOM API to retrieve events from queue


  • Update manifest to include optional licensing data, EULA, privacy policy.
  • Update manifest with required device capabilities (touch, geoloc)
    • Coordinate with feature/capability list defined by store
    • Metadata should include required/optional
    • Resolution requirements

Notification Service

  • Details TBD

Identity System

  • Support for directed identity assertion
    • In
    • In Identity addon