Closed
Bug 822862
Opened 12 years ago
Closed 12 years ago
Installing a hosted app, change the app manifest data, check for updates, restart app processes - update was silently applied without user consent
Categories
(Firefox OS Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: jsmith, Unassigned)
Details
Build: B2G18 12/18/2012 Device: Unagi Steps: 1. Install a hosted app from testmanifest.com with default manifest: { "name":"Test App ({subdomain})", "description":"This app has been automatically generated by testmanifest.com", "version":"1.0", "icons":{ "16":"http://testmanifest.com/icon-16.png", "48":"http://testmanifest.com/icon-48.png", "128":"http://testmanifest.com/icon-128.png" }, "installs_allowed_from":[ "*" ], "developer":{ "name":"Gregory Koberger", "url":"http://gkoberger.net" } } 2. On testmanifest.com, modify the manifest to not include an icon: { "name":"Test App ({subdomain})", "description":"This app has been automatically generated by testmanifest.com", "version":"1.0", "installs_allowed_from":[ "*" ], "developer":{ "name":"Gregory Koberger", "url":"http://gkoberger.net" } } 3. Go to settings --> device info --> check for updates 4. Restart the phone and unlock it Expected: The app should not have updated on the homescreen, as the user has not consented to updating the app. Actual: The app is updated on the homescreen post a restart without any user consent that he/she wanted the app updated.
Reporter | ||
Updated•12 years ago
|
blocking-basecamp: --- → ?
Reporter | ||
Comment 1•12 years ago
|
||
It appears we generally right now always silently apply an update to an app manifest without any user consent. I just confirmed this also happens when I do a similar test with removing developer info from update to another.
Summary: Installing a hosted app with an icon, the changing the manifest to have no icon, restart phone - update was silently applied without user consent → Installing a hosted app, change the app manifest data, restart app processes - update was silently applied without user consent
Reporter | ||
Updated•12 years ago
|
Summary: Installing a hosted app, change the app manifest data, restart app processes - update was silently applied without user consent → Installing a hosted app, change the app manifest data, check for updates, restart app processes - update was silently applied without user consent
Comment 2•12 years ago
|
||
Fabrice will confirm, but I'm pretty sure this how appcache works (and will work).
Comment 3•12 years ago
|
||
(In reply to Etienne Segonzac (:etienne) from comment #2) > Fabrice will confirm, but I'm pretty sure this how appcache works (and will > work). That's how appcache works.
Updated•12 years ago
|
Component: Gaia::System → General
Reporter | ||
Comment 4•12 years ago
|
||
(In reply to Vivien Nicolas (:vingtetun) from comment #3) > (In reply to Etienne Segonzac (:etienne) from comment #2) > > Fabrice will confirm, but I'm pretty sure this how appcache works (and will > > work). > > That's how appcache works. This test case has nothing to do with appcache...
Comment 5•12 years ago
|
||
(In reply to Jason Smith [:jsmith] from comment #4) > (In reply to Vivien Nicolas (:vingtetun) from comment #3) > > (In reply to Etienne Segonzac (:etienne) from comment #2) > > > Fabrice will confirm, but I'm pretty sure this how appcache works (and will > > > work). > > > > That's how appcache works. > > This test case has nothing to do with appcache... Well if the hosted app does not use appcache there isn't much for us to handle update-wise :)
Reporter | ||
Comment 6•12 years ago
|
||
(In reply to Etienne Segonzac (:etienne) from comment #5) > (In reply to Jason Smith [:jsmith] from comment #4) > > (In reply to Vivien Nicolas (:vingtetun) from comment #3) > > > (In reply to Etienne Segonzac (:etienne) from comment #2) > > > > Fabrice will confirm, but I'm pretty sure this how appcache works (and will > > > > work). > > > > > > That's how appcache works. > > > > This test case has nothing to do with appcache... > > Well if the hosted app does not use appcache there isn't much for us to > handle update-wise :) Well, I guess? The only thing being updated in this case is the manifest data itself. I know the update itself did work, although as shown by the three connecting bugs, it's done in a weird, strange manner in which: 1. Check for updates --> apply update for a hosted app - no user consent to give the update 2. Check for updates --> don't notify a user to allow them to update the app 3. Check for updates --> apply update for a hosted app - a restart is required to see the update for the particular app (more problematic in the case for the homescreen)
Comment 7•12 years ago
|
||
Let's backup a second: for a hosted app not using appcache I have no idea what "applying update" means...
Reporter | ||
Comment 8•12 years ago
|
||
(In reply to Etienne Segonzac (:etienne) from comment #7) > Let's backup a second: for a hosted app not using appcache I have no idea > what "applying update" means... What I mean by "apply update" for a hosted app means that I would have an updated app manifest in the app registry. So: Before update I have manifest in the registry in step 1 in comment 0 After update I have manifest in the registry in step 2 in comment 0
Reporter | ||
Comment 9•12 years ago
|
||
Spoke with Etienne in IRC about this. I know what the issue is here. The Apps DOM API currently when checking for an update will update the app manifest in the app registry when a check for update occurs. However, my argument is that the concept of "checking" for an update shouldn't mean that we automatically apply an update to the app manifest. We should instead be comparing the "old" vs "new" manifest during the check process to say, "Hey I found an update!" If the user consents to the update, then the "application" of the update should include updating the app manifest.
Updated•12 years ago
|
Flags: needinfo?(fabrice)
Updated•12 years ago
|
Flags: needinfo?(fabrice)
Updated•12 years ago
|
Flags: needinfo?(fabrice)
Comment 10•12 years ago
|
||
I understand why you expect that, but when you just have a new manifest, it's more a "here's the new meta-data" about the app than anything else. I don't see any good reason to let the user make a decision here.
Flags: needinfo?(fabrice)
Reporter | ||
Comment 11•12 years ago
|
||
(In reply to Fabrice Desré [:fabrice] from comment #10) > I understand why you expect that, but when you just have a new manifest, > it's more a "here's the new meta-data" about the app than anything else. I > don't see any good reason to let the user make a decision here. Fair enough. That's fine.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Reporter | ||
Updated•12 years ago
|
blocking-basecamp: ? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•