Re: [sysapps/runtime] can user add another store apps?

On Wed, Mar 27, 2013 at 5:36 AM, John Lyle <john.lyle@cs.ox.ac.uk> wrote:
> On 23/03/13 07:11, Jonas Sicking wrote:
>>
>> The current runtime spec allows any website to act as a store. And
>> since apps have all the capabilities of websites, that means that by
>> extension you can write an app which is a store too.
>>
>> So you don't even need a webstore app. You could simply rely on using
>> websites to do this.
>>
>
> Hi Jonas,
>
> In previous messages you have mentioned that the goal of the security model
> is that "users can always safely install any application from anywhere" (see
> attached).  I had assumed that one of the ways in which this would be
> achieved is by expecting people to use only a few trustworthy app stores.
> In combination with sensible API design and permissioning, of course.
>
> However, from this email it appears that any application can potentially act
> as a store, and that websites can too.  I therefore see quite a big gap in
> the current security model in how to ensure only trustworthy stores & apps
> are used.  Would you or Mounir be able to clarify a few more details about
> how Firefox OS manages to bridge this gap?  What constraints is the runtime
> expected to place on app store 'installation'?

Simplified: The runtime only allows apps from trusted stores to
install apps that use privileged APIs. All apps installed through
untrusted stores are limited to using "normal" APIs and thus can't do
things that normal websites couldn't do.

Full story: Apps installed through untrusted stores can't use
"privileged" or "certified" APIs. But in addition to doing things that
normal websites can do, they can also do things that use system
resources (run in the background, save data on disk) as well as things
that could potentially annoy the user (play audio in the background,
display notifications).

/ Jonas

Received on Wednesday, 27 March 2013 22:55:03 UTC