On Mar 19, 2012, at 1:36 PM, Jim Straus wrote:
> What I would like to see is a threat tree, how we may mitigate the various
> threats, and an assessment of how far we feel we need to go. That's why I'm
> adding in dev-security to this thread. I want us to have a robust developer
> community. I suspect that if it is too easy to rip off developers they won't
> participate.

How do native apps deal with this? My limited understanding is that they implement some DRM scheme based on information they get about the uniqueness of the device they are running on (example: MAC address). Steam, a popular game store, requires internet access at the time of install (but not at the time of launch); if we can get details on how they pull that off it would be informative.

Going all out by signing code like Apple does on iOS is out of the question, I think. But we could consider an opt-in scheme where apps worried about piracy can choose to trust the runtime (in this case, specific B2G phones) to only launch the app if the signature & receipt match. It would be easy to bypass this by recompiling B2G with the checks turned off, but maybe that's ok, because only "advanced users" will ever do this (it's the equivalent of "rooting" your iPhone).

This whole question boils down to whether the app developer trusts the runtime or not. On the desktop, I posit that there is no reasonable way we can assure them of this (perhaps on the next OS X release it might be possible but Windows & Linux won't support this for a while), but it might be feasible on B2G.

If the B2G team feels this is important, I'm happy to discuss how to mitigate threats and perhaps extend the verifyReceipt() function to be "more trusted" than it is on desktop.

-Anant
