Security/B2G/Contribute
Contents
How to contribute to Firefox OS Security
If you are willing to help making Firefox OS safer for users, there are several ways to contribute:
Implementing OS features
The Firefox Os Security team is tracking a list of security-related features to be explored or implemented.
Security features list
(This list is to be validated and improved by adding a first good bugs section)
Improved privacy
| ID | Summary | Status | Assigned to |
|---|---|---|---|
| 1033580 | openvpn support | NEW |
1 Total; 1 Open (100%); 0 Resolved (0%); 0 Verified (0%);
- Encrypted messaging
- UI for controlling VPN settings (VPN)
- VPN configuration importing
Browser security features
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Platform Security features
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
Improved permission management
No results.
0 Total; 0 Open (0%); 0 Resolved (0%); 0 Verified (0%);
- Global permission control for all apps and services
- Per permission view for permissions (e.g. which apps have access to my contacts)
- Security app center
Good practices for contributing
For your contribution work to be successful, it is essential you follow some good practices:
Get in touch with us early
Let us know you're starting to work on a feature. Depending on its size, implementing a security feature usually involves important designing decisions which have to be worked on with several teams: platform, Gaia, UX, security. It is also the perfect way to know if other people are working on similar or related features. You can start by contacting us, we will help you get in touch with the right people:
- IRC channel #FxOSSec on irc.mozilla.org
- The ffos-secure@mozilla.org public mailing list is a good place to start discussing about security in the Firefox OS ecosystem.
You can also start a discussion:
Learn how to use Bugzilla
You'll find plenty of useful resources on MDN, especially about how to submit a patch.
Ask for feedback early
It is recommended you ask for feedback early, if possible as soon as you have a working prototype (you can use the "feedback" tag on Bugzilla). This will enable you to make sure everybody (UX, OS, security people) is aware and agrees on the direction you're taking with your implementation, and you'll possibly receive good advice for the remaining implementation work.
Writing security web apps
You can help improving the Firefox OS apps ecosystem by writing or porting security-related apps on Firefox OS.
This etherpad tracks the apps known to be currently available on the Marketplace.
TO BE ADDED: list of apps to be ported on Firefox OS
Doing security reviews
Firefox OS reviews
The security team regularly reviews new features in Firefox OS:
- Gaia (TODO)
- Gecko/Gonk (TODO)
Apps reviews
Security-related apps on the Marketplace are obviously sensitive, so the more reviewers have a look at it, the better it is:
Review guidelines for web apps
To review an app installed from the Marketplace when you don't have direct access to the source code repository, you can use the DevTools in Firefox (depending on the version, WebIDE or the App Manager):
- install the app (on the simulator or on a real device)
- then use the DevTools to debug it and have access to the source code
How to report a security issue:
- on Firefox OS
- on the Marketplace: contact the app developer
Translating security documentation on MDN
You can help us reaching a wider audience of developers and reviewers by translating Firefox OS security documentation in several languages:
- Firefox OS security model
- Security guidelines for app developers and reviewer
- App permissions
- App reviewers security training
- ...
For more information about how to provide translation for MDN pages, you can consult these guidelines.
Learning resources
JavaScript
- Learning by reading:
- Learning by doing:
