Mobile/Projects/APK Factory/Meeting 2013 11 21

From MozillaWiki
Jump to: navigation, search

Synth APK Architecture

Nov 21st 9am

Product Requrements discussion.

Project crosses codebases and teams, so let's keep communication open. Two requirements in question:

  • APK Generation support non-Marketplace websites
  • Ability for developers to upload Android signing keys to APK Factory via Marketplace

Bill Walker is in our heads. Always.

Generator is Marketplace only service (?). Off market install will be supported, upon further discussion.

Our vision of Marketplace that mhansen put in was that you can install an app from anywhere. No walled gardens, no "real" marketplace. packaged apps with priveleges is a deviation from this vision, but that is a bug once we know how to secure the handset.

This is the nature of Open Web Apps, install from anywhere.

This had never impacted us from a services perspective, but now we are testing this idea... more work to scale.

Allowing developers consistency in developing Android apps natively and moving into an OWA version.

Migration path is ugly. So waiting will be painful.

Keys are per app (per developer of course). So migrating from our key to the developer's key for a given app... is impossible.

We need to firm up our contract with Infrasec for 1.0 requirements. We can't causally add key uploading, because it drastically changes the surface area of attacks.

Wil would like to review everything again, before we decide if it is in our out.

App review keys? Yep.

Technical people to talk about implementation

How does install work technically.

Install button - link to manifest?

Install button (on Marketplace page) is a trigger's DOM API call to nav.mozApps.install method, baked into platform. Then goes through process of figuring out the manifest URL. Fennec embeds the APK Factory's URL with this manifest URL as a param. The Factory returns the .apk file for the app. Fennec downloads the APK. Install process (Android native). Goes through TBD process register in web app registry in fennec, the app is fully installed. Finally returns a result to webpage - App is installed, hurrah! Marketplace can change to a launch button. It can reload the page. It can call mozApps.getInstalled and check the property isLaunchable then creates a launch button. Or callback could be a timeout. Ya, you can protect for that to turn off a throbber or whatever.

URL for APK Factory is hardcoded in Fennec.

How do we distinguish between reviewer app versus real install.

Problematic - we'd have to change the DOM APIs

How are people testing this?

Tools in App Manager

Client tools to generate APK and push to phone

Review version - the test APK has been uploaded to Marketplace

Do reviewers have an XPI or add-on for changing preferences?

Other Requirements:

  • Review Keys

We've run out of time. Will schedule a follow up meeting with developers to continue talking implementation details.