Hi,

As far as I know, you can do an uninstall now. Regarding the update
functionality, I guess it will work a bit differently: each time you visit a
new web app, if the cache manifest changes, or even if you don't have an
offline version and you are always using the online one, the system will
automatically download the new elements of the app for you.

Cheers,
F.

On 16/04/2012 18:22, "Jim Straus" <jstr...@mozilla.com> wrote:

>How about un-install an app, update an app (assuming that the app has a
>cached component and we can distinguish when cached components change,
>and also that we desire that the user can control when an app is updated).
>I also think that the risks for some of the APIs vary.  For example,
>getSelf() doesn't seem like a risk.  un-install an app seems much higher
>(if an app can un-install others locally stored data would be lost), and
>the list of installed apps has the potential for fingerprinting (though
>also potentially useful for an app developer cross-selling another of
>their apps if you don't have it already).  Maybe we just group the
>permissions into two buckets with the low/no risk APIs always granted and
>the others needing permission.
>
>On Apr 16, 2012, at 2:08 AM, Lucas Adamski wrote:
>
>> Please reply-to dev-weba...@lists.mozilla.org
>> 
>> Name of API: Open Web App API
>> Reference: 
>>https://developer.mozilla.org/en/OpenWebApps/The_JavaScript_API
>> 
>> Brief purpose of API: The Open Web Apps JavaScript API is a
>>programmatic interface for installing Web apps and for managing a
>>client-side collection of Web apps that a user has installed.
>> 
>> General Use Cases:
>> * Install an app - navigator.mozApps.install(url, [install_data])
>> * A web page can check if it is installed - navigator.mozApps.getSelf()
>> * Return a list of installed apps installed by this domain -
>>navigator.mozApps.getInstalled()
>> 
>> Inherent threats:
>> * Installation grants some minor additional privileges
>> * Access to install an app on another domain introduces risks
>> * Privacy (users can be identified by list of apps)
>> 
>> Threat severity: Low for Installation API, High for Management API
>> 
>> == Regular web content (unauthenticated) ==
>> Use cases for unauthenticated code: Just the general cases as above.
>> Authorization model for normal content: Explicit for install (OS
>>Mediated), Implicit for check status
>> Authorization model for installed content: Explicit for install (OS
>>Mediated), Implicit for check status
>> Potential mitigations: getInstalled() only returns the apps installed
>>by the current domain
>> 
>> == Trusted (authenticated by publisher) ==
>> Use cases for authenticated code:
>> A "dashboard" can manage and launch Apps on the user's behalf
>> A "dashboard" can monitor the state of logged in applications
>> Authorization model: Implicit, except Remove App is Explicit (OS
>>Mediated)
>> Potential mitigations:
>> 
>> == Certified (vouched for by trusted 3rd party) ==
>> Use cases for certified code:  Same as trusted
>> Authorization model: Implicit
>> Potential mitigations:
>> 
>> Note: not sure if management functions belong in trusted or privileged.
>> This is probably a subject for discussion.


_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
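
The authorization model discussed in this thread (origin-scoped getInstalled(), OS-mediated install, management functions limited to trusted or certified callers) can be modelled as below. This is an added example, not part of the original messages and not Mozilla's implementation; AppRegistry, TRUST, listAll, uninstall and the method signatures are hypothetical names, and the user prompt is a stand-in callback.

```javascript
// Added illustration: a toy in-memory registry. All names here are hypothetical.
const TRUST = { WEB: 0, TRUSTED: 1, CERTIFIED: 2 };

class AppRegistry {
  constructor(confirmWithUser) {
    this.apps = new Map(); // manifest URL -> { manifestUrl, installOrigin }
    this.confirmWithUser = confirmWithUser; // stands in for the OS-mediated prompt
  }

  // Install is explicit for every caller: nothing is stored without user consent.
  install(callerOrigin, manifestUrl) {
    if (!this.confirmWithUser(`Install ${manifestUrl}?`)) return false;
    this.apps.set(manifestUrl, { manifestUrl, installOrigin: callerOrigin });
    return true;
  }

  // Low-risk bucket: a page only learns whether it is itself installed.
  getSelf(callerOrigin) {
    for (const app of this.apps.values()) {
      if (new URL(app.manifestUrl).origin === callerOrigin) return app;
    }
    return null;
  }

  // Fingerprinting mitigation: return only what the calling origin installed.
  getInstalled(callerOrigin) {
    return [...this.apps.values()].filter(a => a.installOrigin === callerOrigin);
  }

  // High-risk bucket: the full list is a management function.
  listAll(callerTrust) {
    if (callerTrust < TRUST.TRUSTED) throw new Error("management API denied");
    return [...this.apps.values()];
  }

  // Removal: explicit (prompted) for trusted callers, implicit for certified ones.
  uninstall(callerTrust, manifestUrl) {
    if (callerTrust < TRUST.TRUSTED) throw new Error("management API denied");
    if (callerTrust === TRUST.TRUSTED &&
        !this.confirmWithUser(`Remove ${manifestUrl}?`)) return false;
    return this.apps.delete(manifestUrl);
  }
}
```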
