Security/Reviews/Android Service Installer

From MozillaWiki
Jump to: navigation, search
Please use "Edit with form" above to edit this page.

Item Reviewed

Android Service Based Installer
Target
   
     Full Query    
ID Summary Priority Status
786380 Write new Android service-based updater -- VERIFIED

1 Total; 0 Open (0%); 0 Resolved (0%); 1 Verified (100%);

The given value "
   
     Full Query    
ID Summary Priority Status
786380 Write new Android service-based updater -- VERIFIED

1 Total; 0 Open (0%); 0 Resolved (0%); 1 Verified (100%);

" contains strip markers and therefore it cannot be parsed sufficiently.

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • New updater for Android based Firefox
  • The old updater was hooked into the normal native update system - some C++ and JS components (all the same infrastructure, but custom code to apply the update) - big drawback - we couldn't ever check or apply an update without the app running - This isn't great if nightly isn't your default browser (you might not run it much).
    • we couldn't download in the backround with the old updater
  • What changes between nightly / aurora and beta / release? We still send update pings to get ADUs - mozupdater = 0 in config files.
  • If mozupdater is disabled, the new updater won't be running either - so there are changes that could plausibly affect beta / release but it's unlikely.
  • Releng
  • SSL cert checking - relies on underlying android features. No authenticity check on the package - we're relying on a hash and a valid SSL cert to make sure everything else is OK.

What solutions/approaches were considered other than the proposed solution?

`

Why was this solution chosen?

`

Any security threats already considered in the design and why?

  • We've had issues reported for the su issue on rooted phones... No longer a problem - all removed now.

Threat Brainstorming

  • Can we think about scenarios where people aren't using Play and aren't getting updates?
    • Can we capture this information?
    • Do we want to solve this problem? (maybe we can't get this information)
  • How about package signing?
  • Property "SecReview feature goal" (as page type) with input value "*New updater for Android based Firefox
    • The old updater was hooked into the normal native update system - some C++ and JS components (all the same infrastructure, but custom code to apply the update) - big drawback - we couldn't ever check or apply an update without the app running - This isn't great if nightly isn't your default browser (you might not run it much).
      • we couldn't download in the backround with the old updater
    • What changes between nightly / aurora and beta / release? We still send update pings to get ADUs - mozupdater = 0 in config files.
    • If mozupdater is disabled, the new updater won't be running either - so there are changes that could plausibly affect beta / release but it's unlikely.
    • Releng
    • SSL cert checking - relies on underlying android features. No authenticity check on the package - we're relying on a hash and a valid SSL cert to make sure everything else is OK." contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.
    • Property "SecReview threat brainstorming" (as page type) with input value "*Can we think about scenarios where people aren't using Play and aren't getting updates?
      • Can we capture this information?
      • Do we want to solve this problem? (maybe we can't get this information)
    • How about package signing?" contains invalid characters or is incomplete and therefore can cause unexpected results during a query or annotation process.

Action Items

Action Item Status In Progress
Release Target `
Action Items
* snorp::Check to see if the app store is installed in the device - warn the user if they don't have the ability to get updates::

Bugzilla query error

The given value "* snorp::Check to see if the app store is installed in the device - warn the user if they don't have the ability to get updates::

Bugzilla query error

" contains strip markers and therefore it cannot be parsed sufficiently.