From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

How to contribute to Firefox OS Security

If you are willing to help making Firefox OS safer for users, there are several ways to contribute:

Implementing OS features

The Firefox Os Security team is tracking a list of security-related features to be explored or implemented.

Security features list

(This list is to be validated and improved by adding a first good bugs section)

Improved privacy
Full Query
ID Summary Status Assigned to
1033580 openvpn support NEW

1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);

  • Encrypted messaging
  • UI for controlling VPN settings (VPN)
  • VPN configuration importing
Browser security features

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

Platform Security features

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

Improved permission management

No results.

0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);

  • Global permission control for all apps and services
  • Per permission view for permissions (e.g. which apps have access to my contacts)
  • Security app center

Good practices for contributing

For your contribution work to be successful, it is essential you follow some good practices:

Get in touch with us early

Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features. You can start by contacting us, we will help you get in touch with the right people:

  • IRC channel #FxOSSec on
  • The public mailing list is a good place to start discussing about security in the Firefox OS ecosystem.

You can also start a discussion:

Learn how to use Bugzilla

You'll find plenty of useful resources on MDN, especially about how to submit a patch.

Ask for feedback early

It is recommended you ask for feedback early, if possible as soon as you have a working prototype (you can use the "feedback" tag on Bugzilla). This will enable you to make sure everybody (UX, OS, security people) is aware and agrees on the direction you're taking with your implementation, and you'll possibly receive good advice for the remaining implementation work.

Writing security web apps

You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS.

This etherpad tracks the apps known to be currently available on the Marketplace.

TO BE ADDED: list of apps to be ported on Firefox OS

Doing security reviews

Firefox OS reviews

The security team regularly reviews new features in Firefox OS:

  • Gaia (TODO)
  • Gecko/Gonk (TODO)

Apps reviews

Security-related apps on the Marketplace are obviously sensitive, so the more reviewers have a look at it, the better it is:

Review guidelines for web apps

To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, WebIDE or the App Manager):

  • install the app (on the simulator or on a real device)
  • then use the DevTools to debug it and have access to the source code

How to report a security issue:

Translating security documentation on MDN

You can help us reaching a wider audience of developers and reviewers by translating Firefox OS security documentation in several languages:

For more information about how to provide translation for MDN pages, you can consult these guidelines.

Learning resources