I think of remote debugging as the ability to run devtools on certain site. I'd be uncomfortable with the notion that on some secure sites, I would be disallowed to open the Developer Tools. Like desktop Firefox, I reject the notion that "users" and "developers" should receive a different project. I want the stability of a production build because this is my day-to-day phone, and it should work properly.
On Tue, Sep 10, 2013 at 8:29 AM, Paul Theriault <ptheria...@mozilla.com>wrote: > (bcc dev-gaia) > > I have been discussing the security implications of remote debugging with > a number of people and I wanted to through the question out to a wider > audience. Remote debugging allows access to read any data in app and as > such has implications for the scenario of when a user loses their phone. > > Do we want to allow the remote debugger to connect to any app? > > My proposal is that, for production devices, you should only be allowed to > debug the apps you are developing. That is, the remote debugger will only > connect to web apps and privileged apps pushed to the device via the > simulator. It will _not_ connect to certified apps, or signed privileged > apps installed from the store. The only exception to this i can think of is > we probably support remote debugging of tabs within the browser app (and > possibly bookmarked web pages opened by the system app). > > For developer builds, the remote debugger would connect to any app. > > Thoughts on this proposal? > > - Paul > > > > _______________________________________________ > dev-gaia mailing list > dev-g...@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-gaia > > _______________________________________________ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
