Bug 773117 (app-blocklisting)

Blocklisting for apps

RESOLVED WONTFIX

Status

Firefox OS
General
RESOLVED WONTFIX
6 years ago
4 months ago

People

(Reporter: ladamski, Unassigned)

Tracking

({feature, sec-want})

unspecified
feature, sec-want
Dependency tree / graph

Firefox Tracking Flags

(blocking-kilimanjaro:+, blocking-basecamp:-)

Details

(Whiteboard: [WebAPI:P3][LOE:S])

(Reporter)

Description

6 years ago
We need to figure out a blocklisting mechanism for apps.  Note that it will probably have to be different for web installed vs trusted/certified apps.
(Reporter)

Updated

6 years ago
Group: webtools-security
(Reporter)

Updated

6 years ago
blocking-basecamp: --- → ?
blocking-kilimanjaro: --- → ?
(Reporter)

Updated

6 years ago
Depends on: 773118
Keywords: sec-want
(Reporter)

Updated

6 years ago
No longer depends on: 773118
(Reporter)

Updated

6 years ago
Component: General → General
Product: Web Apps → Boot2Gecko
blocking-basecamp: ? → +
blocking-kilimanjaro: ? → +
Assignee: nobody → ladamski
(Reporter)

Updated

6 years ago
Blocks: 780662
Whiteboard: [WebAPI:P3]
Keywords: feature
(Reporter)

Comment 1

6 years ago
Here's the strategy, such as it is for basecamp:

a) certified apps: we push out a gecko update with fixes to the affected app
b) privileged apps: we push out an update containing an "I'm sorry but this app has been disabled due to ..." shim.
c) web installed apps: we can pull them from the app store but not really revoke them on the device directly.  Unfortunately AFAIK we also don't yet have SafeBrowsing support.  The latter arguably is a better solution anyway.
Whiteboard: [WebAPI:P3] → [WebAPI:P3][LOE:S]
I don't think we'll have time to do this before feature freeze. We can always fake this by pushing an update which disables the app.
blocking-basecamp: + → -
Crap, I hadn't seen comment 1 when I made comment 2.

So do you agree that there is no work that's needed to be done in Gecko/Gaia for v1 then?

Should we file a separate bug on the marketplace for doing whatever they need to do in order to make comment 1 possible? I.e. put it into our policy that we have the right to push such an update, and possibly prepare code so that we can execute quickly if needed?
Alias: app-blocklisting
(Reporter)

Comment 4

6 years ago
Yeah I don't think there's anything meaningful we can do for 1.0 on the client side.  Filing a bug against Marketplace is a good idea.
(Reporter)

Updated

6 years ago
Depends on: 792309
(Reporter)

Updated

5 years ago
Assignee: ladamski → nobody

Comment 5

4 months ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.