Changes


Apps/Security

122 bytes removed, 06:17, 9 August 2012
Application Lifecycle
==Application Lifecycle==
This section describes the format, installation and updates process for applications.
 
===Format for privileged and certified apps===
We need an application delivery mechanism that provides assurances on app integrity and authenticity, and also allows for well-defined application & privilege scope enforcement so integrity can be maintained at runtime.
 
Apps will be packaged within a zip file format, along with the OWA manifest and a signature. This package will be provided to the app store for the review, which will then sign it upon approval. Upon installation, the client will verify that the signature is valid and chains to a privileged app store.
 
Privileged and certified apps will be accessed via a unique scheme (app://). The domain will correspond to the source of the app. For example, if an app is from "mozilla.org" the corresponding URI for the app would be "app://mozilla.org".
 
 
=== App Signing ===
 
''Definition of the signing format goes here. Brian Smith is working on this.''
 
===Privileged Application Review Guidelines===
We need a set of guidelines that define an acceptable level of security and privacy review for privileged applications. This should include:
*Ensuring that requested permissions are used for the purposes stated (in the permission rationale)
*Use of implicit permissions is appropriate
*Any interfaces between privileged app content and unprivileged external content have appropriate mitigations to prevent elevation of privilege attacks
 
The store is responsible for reviewing the app to ensure that it doesn't do anything dangerous with the permissions it is granted.
 
Since the OpenWebApps API allows any website to become a store, only stores approved by B2G will be allowed to install Privileged apps. Our goal is that multiple stores will become approved for installing privileged app, but given how much responsibility is put on the store, we need to ensure that we put agreements in place to protect users before approving a store for being allowed to install privileged apps.
 
=== Updates ===
 
A lot of the update model is still being defined. Requirements are being collected here at [[Gaia/System/Updates]]
=== Delivery mechanisms ===
More information about why we developed a packaged apps solution is available here: [[Apps/PackagingProposal]]
 
===Format for privileged and certified apps===
We need an application delivery mechanism that provides assurances on app integrity and authenticity, and also allows for well-defined application & privilege scope enforcement so integrity can be maintained at runtime.
 
Apps will be packaged within a zip file format, along with the OWA manifest and a signature. This package will be provided to the app store for the review, which will then sign it upon approval. Upon installation, the client will verify that the signature is valid and chains to a privileged app store.
 
Privileged and certified apps will be accessed via a unique scheme (app://). The domain will correspond to the app id.
 
=== App Signing ===
 
''Definition of the signing format goes here. Brian Smith is working on this.''
 
=== Updates ===
 
A lot of the update model is still being defined. Requirements are being collected here at [[Gaia/System/Updates]]
 
===Privileged Application Review Guidelines===
We need a set of guidelines that define an acceptable level of security and privacy review for privileged applications. This should include:
*Ensuring that requested permissions are used for the purposes stated (in the permission rationale)
*Use of implicit permissions is appropriate
*Any interfaces between privileged app content and unprivileged external content have appropriate mitigations to prevent elevation of privilege attacks
 
The store is responsible for reviewing the app to ensure that it doesn't do anything dangerous with the permissions it is granted.
 
Since the OpenWebApps API allows any website to become a store, only stores approved by B2G will be allowed to install Privileged apps. Our goal is that multiple stores will become approved for installing privileged app, but given how much responsibility is put on the store, we need to ensure that we put agreements in place to protect users before approving a store for being allowed to install privileged apps.
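Review bot: the rewritten sentence in the new "Format for privileged and certified apps" paragraph, "The domain will correspond to the app id.", drops the worked example without saying what an app id is, who assigns it, or what guarantees it is unique across the several stores this page expects to be approved for installing privileged apps; since the app:// domain is what the client uses to separate one app's content and privileges from another's at runtime, the sentence should name the identifier and its uniqueness guarantee, for example "The domain will correspond to the app id assigned by the signing store, which must be unique across all approved stores", or keep the earlier "source of the app" example until the id scheme is defined. The "=== Delivery mechanisms ===" section removed in this revision was the only pointer to [[Apps/PackagingProposal]] in this section; if the link was not moved elsewhere on the page, reinstate it, because the packaging rationale is what a reader of the still-unwritten "App Signing" section will need.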
==Out of scope for 1.0==