Confirmed users
448
edits
Marketplace/Reviewers/Apps/Testing: Difference between revisions
Jump to navigation
Jump to search
Marketplace/Reviewers/Apps/Testing (view source)
Revision as of 16:03, 22 January 2013
, 22 January 2013no edit summary
No edit summary |
|||
| Line 72: | Line 72: | ||
* Check the type entry. If there is no type entry in the manifest, or its 'web', the app should be treated the same as a hosted one so it is not necessary to check the js code. | * Check the type entry. If there is no type entry in the manifest, or its 'web', the app should be treated the same as a hosted one so it is not necessary to check the js code. | ||
* If the type is 'privileged' then the app has access to extra APIs and all code needs to be inspected before approval. (See subsequent steps) | * If the type is 'privileged' then the app has access to extra APIs and all code needs to be inspected before approval. (See subsequent steps) | ||
* Take note of any requested permissions in the manifest. There is a [Marketplace/Reviewers/Apps/Permissions|Security Checklist] of available APIs and what they might be used/abused for. | * Take note of any requested permissions in the manifest. There is a [[Marketplace/Reviewers/Apps/Permissions|Security Checklist]] of available APIs and what they might be used/abused for. | ||
* Check all the files, in particular the .js files (thankfully inline js and external files aren't allowed by the CSP), paying attention to how any permissions requested are used. **Need to expand here a little** | * Check all the files, in particular the .js files (thankfully inline js and external files aren't allowed by the CSP), paying attention to how any permissions requested are used. **Need to expand here a little** | ||
* Launch the app on the device and give the app a quick try and see what experience a new user would have. | * Launch the app on the device and give the app a quick try and see what experience a new user would have. | ||