But users can only turn in debugging if they have pin code access to the phone?
If a developer has purposefully enabled remote debugging they can understand the security implications of such, as said in the original email adding more obscure protection methods that hamper the ability for people to debug on devices seems counter productive. (especially factory resets or wiping users data, for builtin apps or otherwise) Requiring devs to have a pin code to enable debugging seems like more than enough protection and for further measures it seems remote wipe is far more useful than things that require us to wipe data (possible the data we are trying to debug) before being able to debug it On 21 September 2013 18:12, Krzysztof Adamski <k...@japko.eu> wrote: > Dnia 2013-09-21, o godz. 05:49:01 > Jonas Sicking <jo...@sicking.cc> napisał(a): > > > Ideal would be if the user had to enter some code in order to turn on > > debugging, but what code would we use? It would be pointless to enable > > setting the code the first time debugging is turned on, since most > > people will never turn on debugging. And so the thief/maid would just > > be able to select the code themselves. > > > > The code solution could be used to protect developers like you point > > out though. > > > > The user would be protected if the phone is locked with a passcode, > > but a lot of people don't enable those. > > > > [...] > > > > One bad-but-maybe-ok solution is to require that the phone goes > > through a special factory reset codepath which boots up the device in > > a mode where debugging is enabled from the start. > > > > Requiring factory reset is obviously crappy and not an option for a > > lot of developers. But it would only be required for developers that > > want to attach a debugger to the preinstalled apps. > > How about combining the two? If you are enabling debugging for the > first time you have to make factory reset AND set the password. Then > you can easily disable debugging if you want to (like when finished > developing) but each time you want to re-enable it, you have to enter > the password. It could also be auto disabled after reboot or some > time after it was last used or something.. The only way to reset this > password would be to do factory reset again. > > _______________________________________________ > dev-b2g mailing list > dev-b2g@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-b2g > _______________________________________________ dev-b2g mailing list dev-b2g@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-b2g
