Marketplace/Reviewers/Apps/Guide/AppsQueue: Difference between revisions

From MozillaWiki
< Marketplace‎ | Reviewers‎ | Apps‎ | Guide
Jump to navigation Jump to search
Line 16: Line 16:


Where possible try to review apps in queue order, prioritizing the apps at the top of the queue. Sometimes apps at the top of the queue are waiting for more information from the developer or are blocked on some other issue, so if you see a note in the app history and you don't know how to resolve the blocker, just skip to the next app.
Where possible try to review apps in queue order, prioritizing the apps at the top of the queue. Sometimes apps at the top of the queue are waiting for more information from the developer or are blocked on some other issue, so if you see a note in the app history and you don't know how to resolve the blocker, just skip to the next app.
== Testing Procedure - Packaged Apps ==
The procedure is similar to [[#Testing_Procedure_-_Hosted_webapps|hosted apps]].  Currently packaged apps are only fully supported on FirefoxOS, though Android support is already in Nightly builds.  Packaged App installation requires [[Marketplace/Reviewers/Apps/InstallingReviewerCerts|adding additional certificates]] to the phone.
'''Make sure the app is non-privileged.  A privileged app is indicated by a Red P in the review queue (though not search results!), and then on the review page with "Type: Privileged Packaged App". See the [[#Testing_Procedure_-_.2APrivileged.2A_Packaged_Apps|privileged section]] for how to review those (staff only currently!)'''
See the [https://developer.mozilla.org/docs/Apps/Marketplace_review_criteria Marketplace Review Criteria] for details of what we allow and don't allow in Apps for listing on Marketplace.  The steps below outline the brief procedure, not the policy.
* Check the app has a sensible name, summary, description and icon.  The description should be extensive enough for a user to understand what the app does (you may need to revisit this after launching the app). If not, reject.
* The manifest url (view) link contains a copy of the manifest inside the (zip) package.  Check this as you would a hosted app .
* Take note of any '''requested permissions''' in the manifest.  There is a [[Marketplace/Reviewers/Apps/Permissions|Security Checklist]] of available APIs and what they might be used/abused for.  There are only a few APIs are available to hosted/non-privileged apps (alarms, desktop-notification, geolocation, fmradio)
* As a last check, look for the '''type''' entry.  If there is no type entry in the manifest, or its 'web' the app is unprivileged.  If the type is 'privileged' then see the [[#Testing_Procedure_-_.2APrivileged.2A_Packaged_Apps|privileged packaged app section]] below.
* Press the install button. On mobile platforms a shortcut will appear on your homescreen.
* Check the '''app's shortcut has an icon'''.  The default rocketship icon is not allowed any more.  If not, reject (there is a canned response). 
* '''Launch the app'''.  If the app doesn't launch as you would expect (most commonly a directory listing) then their launch_path may be incorrect.
* Give the app a '''quick try''' and see what experience a new user would have. 
* Some apps require a login.  If its straightforward you should register as a new user (to see what experience an actual user would have).  If the app requires paid credentials; specific details; or isn't in a language you can understand sufficiently you can request a username & password - there is a canned response - with Request Information.
* All links load within the App unless explicitly specified otherwise so we need to check the app doesn't have any links (often in a navigation bar) that take the user out of the App 'experience' and strand them in a normal website (remember there is no back or home button in an app!).  If there are such links then reject and explain they need to add the target="_blank" parameter to launch the link externally (in Firefox proper)
* If an app is '''Paid''' then check the receipt has been checked by the app - look next to the price on the review page.  If not we should recommend they do that (its not a requirement).  There is a canned response.
* Its important to note that we don't make any relevance or quality judgements about how the app ''looks'' in an App Review, only that it functions correctly.  The [https://developer.mozilla.org/docs/Apps/Marketplace_review_criteria review criteria] document should be consulted. You can make suggestions about how to improve the app though if you notice anything that would make it better.
If there is anything that requires Admin/Staff attention you can request a super review.  This will remove the app from the current queue and place it in the Escalation queue.


== Testing Procedure - *Privileged* Packaged Apps ==
== Testing Procedure - *Privileged* Packaged Apps ==

Revision as of 21:34, 25 April 2014

Processing the Queue

The primary 'Apps' queue is where you'll see new submissions and resubmissions for new apps that were rejected. The queue is sorted by waiting time from the most recent submission, with the oldest submission at the top.

The columns:

  • App name: This is a link to the review details page, also sometimes called the app history page. A lock icon next to it means that another reviewer is currently looking at this app, so check with them before making changes.
  • Flags
    • Pending info request: a blue icon with an 'i' in the middle. A reviewer has requested additional information from the developer. The response from the developer will be sent to the app-reviewers mailing list.
    • Reviewer comments: a user icon with a speech bubble. This means a reviewer has left a comment about the submission, such as making a note about login info, or asking for other reviewers to verify a bug. Developers can't see these comments.
    • Packaged app: a yellow cube. This is a packaged app, meaning the contents are packaged into a zip file which is downloaded from Marketplace, rather than being hosted from the web. The review process for packaged apps is the same as hosted apps, but developers must submit updated versions for approval.
    • Privileged app: a Red P. This only applies to packaged apps. These apps request additional API's that can access sensitive user data, such as contacts. Privileged apps go through an additional code review process and can only be reviewed by senior reviewers, but reviewers of all levels can still see them in the queue.
  • Waiting time: How long the app has been waiting in the queue.
  • Devices: The devices this app supports. Options are Desktop, Firefox Mobile (Android), Firefox Tablet (Android), Firefox OS. Don't review apps that are submitted for devices you don't have.
  • Payments: Specifies the payment type of the app. [Documentation about payments https://developer.mozilla.org/en-US/Marketplace/Monetization/Profiting_from_your_app]

Tip: you can hover over an icon for a short description of what it means.

Where possible try to review apps in queue order, prioritizing the apps at the top of the queue. Sometimes apps at the top of the queue are waiting for more information from the developer or are blocked on some other issue, so if you see a note in the app history and you don't know how to resolve the blocker, just skip to the next app.

Testing Procedure - *Privileged* Packaged Apps

These should only be reviewed by Marketplace Staff currently.

The procedure is similar to hosted apps. Currently packaged apps are only supported on FirefoxOS. Packaged App installation requires adding additional certificates to the phone.

See the Marketplace Review Criteria for details of what we allow and don't allow in Apps for listing on Marketplace. The steps below outline the brief procedure, not the policy.

  • Check the app has a sensible name, summary, description and icon. The description should be extensive enough for a user to understand what the app does (you may need to revisit this after launching the app). If not, reject.
  • The manifest url (view) link only contains some details from the actual manifest, which is inside the (zip) package. To download the package for offline inspection, etc, click the 'package_path' link - this shouldn't be routinely necessary.
  • In the version table at the bottom of the view load the validation report and inspect any warnings/errors.
  • Then inspect the app contents via the 'contents' link.
  • The first file should be the manifest.
  • Take note of any requested permissions in the manifest. There is a Security Checklist of available APIs and what they might be used/abused for.
  • Read the code in all the files one by one, in particular the .js files (thankfully inline js and external files aren't allowed by the CSP), paying attention to how any permissions requested are used.
    • If the code is minified or obfuscated then readable source should be requested via info request (there is canned response)
  • It may be necessary to search for an inspect different parts of the files, or other files, to establish how a particular piece of code is used. The validator is your friend as it highlights possible issues, but beware of false positives, and false negatives!
  • Launch the app on the device and give the app a quick try and see what experience a new user would have.
  • Some apps require a login. If its straightforward you should register as a new user (to see what experience an actual user would have). If the app requires paid credentials; specific details; or isn't in a language you can understand sufficiently you can request a username & password - there is a canned response - with Request Information.
  • If an app is Paid then check the receipt has been checked by the app - look next to the price on the review page. If not we should recommend they do that (its not a requirement). There is a canned response.
  • Its important to note that we don't make any relevance or quality judgements about how the app looks in an App Review, only that it functions correctly. The review criteria document should be consulted. You can make suggestions about how to improve the app though if you notice anything that would make it better.
Retrieved from "https://wiki.mozilla.org/index.php?title=Marketplace/Reviewers/Apps/Guide/AppsQueue&oldid=969205"