822862 - Installing a hosted app, change the app manifest data, check for updates, restart app processes - update was silently applied without user consent

Status: RESOLVED INVALID

(Firefox OS Graveyard :: General, defect)

Description

[Jason Smith [:jsmith]]

Build: B2G18 12/18/2012
Device: Unagi

Steps:

1. Install a hosted app from testmanifest.com with default manifest:

{
  "name":"Test App ({subdomain})",
  "description":"This app has been automatically generated by testmanifest.com",
  "version":"1.0",
  "icons":{
    "16":"http://testmanifest.com/icon-16.png",
    "48":"http://testmanifest.com/icon-48.png",
    "128":"http://testmanifest.com/icon-128.png"
  },
  "installs_allowed_from":[
    "*"
  ],
  "developer":{
    "name":"Gregory Koberger",
    "url":"http://gkoberger.net"
  }
}

2. On testmanifest.com, modify the manifest to not include an icon:

{
  "name":"Test App ({subdomain})",
  "description":"This app has been automatically generated by testmanifest.com",
  "version":"1.0",
  "installs_allowed_from":[
    "*"
  ],
  "developer":{
    "name":"Gregory Koberger",
    "url":"http://gkoberger.net"
  }
}

3. Go to settings --> device info --> check for updates
4. Restart the phone and unlock it

Expected:

The app should not have updated on the homescreen, as the user has not consented to updating the app.

Actual:

The app is updated on the homescreen post a restart without any user consent that he/she wanted the app updated.

Comment 1

[Jason Smith [:jsmith]]

It appears we generally right now always silently apply an update to an app manifest without any user consent. I just confirmed this also happens when I do a similar test with removing developer info from update to another.

Comment 2

[Etienne Segonzac (:etienne)]

Fabrice will confirm, but I'm pretty sure this how appcache works (and will work).

Comment 3

[Vivien Nicolas (:vingtetun) (:21) - (NOT reading bugmails, needinfo? please)]

(In reply to Etienne Segonzac (:etienne) from comment #2)
> Fabrice will confirm, but I'm pretty sure this how appcache works (and will
> work).

That's how appcache works.

Comment 4

[Jason Smith [:jsmith]]

(In reply to Vivien Nicolas (:vingtetun) from comment #3)
> (In reply to Etienne Segonzac (:etienne) from comment #2)
> > Fabrice will confirm, but I'm pretty sure this how appcache works (and will
> > work).
> 
> That's how appcache works.

This test case has nothing to do with appcache...

Comment 5

[Etienne Segonzac (:etienne)]

(In reply to Jason Smith [:jsmith] from comment #4)
> (In reply to Vivien Nicolas (:vingtetun) from comment #3)
> > (In reply to Etienne Segonzac (:etienne) from comment #2)
> > > Fabrice will confirm, but I'm pretty sure this how appcache works (and will
> > > work).
> > 
> > That's how appcache works.
> 
> This test case has nothing to do with appcache...

Well if the hosted app does not use appcache there isn't much for us to handle update-wise :)

Comment 6

[Jason Smith [:jsmith]]

(In reply to Etienne Segonzac (:etienne) from comment #5)
> (In reply to Jason Smith [:jsmith] from comment #4)
> > (In reply to Vivien Nicolas (:vingtetun) from comment #3)
> > > (In reply to Etienne Segonzac (:etienne) from comment #2)
> > > > Fabrice will confirm, but I'm pretty sure this how appcache works (and will
> > > > work).
> > > 
> > > That's how appcache works.
> > 
> > This test case has nothing to do with appcache...
> 
> Well if the hosted app does not use appcache there isn't much for us to
> handle update-wise :)

Well, I guess? The only thing being updated in this case is the manifest data itself. I know the update itself did work, although as shown by the three connecting bugs, it's done in a weird, strange manner in which:

1. Check for updates --> apply update for a hosted app - no user consent to give the update
2. Check for updates --> don't notify a user to allow them to update the app
3. Check for updates --> apply update for a hosted app - a restart is required to see the update for the particular app (more problematic in the case for the homescreen)

Comment 7

[Etienne Segonzac (:etienne)]

Let's backup a second: for a hosted app not using appcache I have no idea what "applying update" means...

Comment 8

[Jason Smith [:jsmith]]

(In reply to Etienne Segonzac (:etienne) from comment #7)
> Let's backup a second: for a hosted app not using appcache I have no idea
> what "applying update" means...

What I mean by "apply update" for a hosted app means that I would have an updated app manifest in the app registry. So:

Before update I have manifest in the registry in step 1 in comment 0

After update I have manifest in the registry in step 2 in comment 0

Comment 9

[Jason Smith [:jsmith]]

Spoke with Etienne in IRC about this. I know what the issue is here.

The Apps DOM API currently when checking for an update will update the app manifest in the app registry when a check for update occurs. However, my argument is that the concept of "checking" for an update shouldn't mean that we automatically apply an update to the app manifest. We should instead be comparing the "old" vs "new" manifest during the check process to say, "Hey I found an update!" If the user consents to the update, then the "application" of the update should include updating the app manifest.

Comment 10

[[:fabrice] Fabrice Desré]

I understand why you expect that, but when you just have a new manifest, it's more a "here's the new meta-data" about the app than anything else. I don't see any good reason to let the user make a decision here.

Comment 11

[Jason Smith [:jsmith]]

(In reply to Fabrice Desré [:fabrice] from comment #10)
> I understand why you expect that, but when you just have a new manifest,
> it's more a "here's the new meta-data" about the app than anything else. I
> don't see any good reason to let the user make a decision here.

Fair enough. That's fine.