Closed Bug 958747 Opened 10 years ago Closed 10 years ago

Request deletion from APK Factory if the app is naughty

Categories

(Marketplace Graveyard :: Integration, defect, P4)

Product:
Marketplace Graveyard
Component:
Integration
Platform:
x86
macOS
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: andy+bugzilla, Assigned: kumar)

References

Details

(Whiteboard: [apk-factory]) 

If an app, or a version of an app has a security hole, we'll need to remove it from the APK Factory cache. Having a signed version of an app that has a known security issue in it would be a no-no.

In AMO we remove addons if old versions have been disabled. Likewise something should happen here. Perhaps when a version is deleted or disabled from the marketplace, we can send a API ping to the APK Factory and ask it to delete the affected builds.
Flags: needinfo?(rforbes)
Flags: needinfo?(myk)
Ozten rightly pointed out that we aren't really signing it with a Mozilla key, we are signing it on behalf of the developer. This is an important distinction from how signed packaged apps work. Still the idea of having an app that has a known security flaw on our cache somewhere, makes me feel nervous. So not sure.
Indeed, it wouldn't hurt to have a way to purge the cache, although we'll want to ensure that it isn't abused to mount a DOS attack on the factory.  I can readily imagine how to do that for Marketplace, but I'm unsure how to do it for marketplaces generally.
Flags: needinfo?(myk)
Blocks: 896007
Assignee: nobody → kumar.mcmillan
Component: FxA → Integration
When we discussed this we said we'd make the APK cache poll manifest URLs every once in a while and expunge the ones that are 404s. When the Marketplace finds a malicious hosted app it will delete it and the URL will be gone. In this approach we would not be policing hosted app URLs. Those wouldn't be installable anyway since the Marketplace won't list them.

Marking as a P4 because the install button won't be visible for deleted manifest URLs.
Priority: -- → P4
Blocks: 958329
No longer blocks: 896007
(In reply to Kumar McMillan [:kumar] (needinfo for quickness) from comment #3)
> Marking as a P4 because the install button won't be visible for deleted
> manifest URLs.

Discussed with kumar and if the Marketplace doesn't allow the install, that's fine by me. 

We can't really stop people using the APK Factory to sign a malicious app, host it for them and stick a "install me" button on the developers website. We can only really police the Marketplace.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
Flags: needinfo?(rforbes)
You need to log in before you can comment on or make changes to this bug.