Closed Bug 928137 Opened 9 years ago Closed 6 years ago

Figure out how to allow sideloaded certified app debugging

Categories

(DevTools Graveyard :: WebIDE, defect, P1)

defect

Tracking

(Not tracked)

RESOLVED INVALID
Firefox 34

People

(Reporter: ochameau, Unassigned)

References

Details

Up to 1.1, included, certified app sideloading was forbidden.
Now, with bug 927108 being fixed, we can install certified apps but still can't debug stock certified nor the one we install.

We need to find ways to allow, at least debugging of the one installed via the devtools, but also figure out how to easily enable gaia debugging.

One way to fix that would be to flag apps being installed after the debugging mode is enabled and allow debugging of any app being installed when it is on.
+1, assuming we figure out how to make the enabling of this explicit. I like how android does this, having to do a certain obscure sequence of actions to enable developer features.
(In reply to Jeff Griffiths (:canuckistani) from comment #1)
> +1, assuming we figure out how to make the enabling of this explicit. I like
> how android does this, having to do a certain obscure sequence of actions to
> enable developer features.

This bug is about certified apps only. If a user action on the device can enable certified apps debugging, that'd be a security issue.
I must have missed something here.

If we can install certified apps… how is forbidding certified apps debugging still useful?
(In reply to Paul Rouget [:paul] from comment #3)
> I must have missed something here.
> 
> If we can install certified apps… how is forbidding certified apps debugging
> still useful?

So if I understand correcty, certified apps can't access data from other certified apps, so if we can identify which apps have been installed from the app manager, we can allow debugging for these apps.
(In reply to Paul Rouget [:paul] from comment #4)
> (In reply to Paul Rouget [:paul] from comment #3)
> > I must have missed something here.
> > 
> > If we can install certified apps… how is forbidding certified apps debugging
> > still useful?
> 
> So if I understand correcty, certified apps can't access data from other
> certified apps, so if we can identify which apps have been installed from
> the app manager, we can allow debugging for these apps.

Yes, it is being considered safe. By default, even with the certified mozapp API, I don't think you can install an evil app for a arbitrary origin in order to steal one particular app data.
But TBH I wouldn't be surprised we find tricks to somehow do it... I haven't tried to see if we could do that with the `origin` manifest property or with a man in the middle server faking a particular origin.
Priority: -- → P1
When I last checked this week you could use the developer tools against the Gaia certified apps already installed in the simulator. Does that not work any more?
Ben, this bug is only for production devices. Gaia developers just have to set DEVICE_DEBUG=1 (in userconfig or when calling gaia's make) in order to be able to debug certified apps.
Assignee: nobody → paul
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Target Milestone: --- → Firefox 34
Ryan, this is about certified app installed by the user.
Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---
Summary: Figure out how to allow/enable certified app debugging → Figure out how to allow sideloaded certified app debugging
Assignee: paul → nobody
No more apps.
Status: REOPENED → RESOLVED
Closed: 8 years ago6 years ago
Resolution: --- → INVALID
Product: Firefox → DevTools
Product: DevTools → DevTools Graveyard
You need to log in before you can comment on or make changes to this bug.