ISTIC, 9 March 2016
2 years, 3 months, 2 weeks
Free and Open Source software
manifest.webapp (light version)
{
  "name": "My App",
  "description": "My elevator pitch goes here",
  "launch_path": "/",
  "icons": { "128": "/img/icon-128.png" },
  "developer": {
    "name": "Your name or organization",
    "url": "http://your-homepage-here.org"
  }
}
App manifest
Presentation by Julien Wajsberg and Jérémie Patonnier
Feature design & implementation
User control vs automatic choices
Raising awareness about security & privacy
Process isolation, sandboxing, CSP...
Message encryption, VPN support, full disk encryption
Catching up vs. innovating
It's all about compromise.
Updates & bug bounty program
OEMs & carriers modify the code.
No updates are pushed to the phones.
No security bug bounty program
dom/apps/PermissionsTable.jsm
New security model for apps
UX/UI parts are hard to standardize.
Streamable packages, Subresource Integrity, Service Workers