On Tue, Sep 10, 2013 at 9:17 AM, Jim Blandy <[email protected]> wrote: > Debugging is how many people are going to learn how to write apps; think > about the role of "view source" in introducing people to web technology. And > it's consistent with our goal of putting the user in charge of their own > device. I think we should treat all apps as debuggable, on any device. > > As far as non-developer users are concerned: debugging is turned off by > default. You need to go (rather deep) into the settings and explicitly turn > debugging on, before the server begins listening. There is no reason a > non-developer would ever need to enable debugging (and we should ensure this > remains true). So I don't see the risk to non-developer users.
The attack here is if the user gets the device stolen, then the thief could go into the settings and explicitly turn debugging on. He/she could then use the debugger to suck out all sorts of data from various apps. Things like login tokens to your email or even raw passwords from applications that store those client-side. There's also the "evil maid" attack, where a maid which gets access to your phone for 5 minutes, can do the same and quickly suck out all data from your phone. In neither scenario the user is particularly protected by hiding the debugging-enabling checkbox deeper in the settings app. Ideal would be if the user had to enter some code in order to turn on debugging, but what code would we use? It would be pointless to enable setting the code the first time debugging is turned on, since most people will never turn on debugging. And so the thief/maid would just be able to select the code themselves. The code solution could be used to protect developers like you point out though. The user would be protected if the phone is locked with a passcode, but a lot of people don't enable those. One idea that was floated was that we're in a good state if turning on debugging only enables debugging of apps installed after debugging was enabled. That would let the user turn on debugging, then install an app that they want to know how it works, and start debugging away. Unfortunately that doesn't help with users that want to debug the apps that are preinstalled on the device. We didn't have any particularly good solution there. One bad-but-maybe-ok solution is to require that the phone goes through a special factory reset codepath which boots up the device in a mode where debugging is enabled from the start. Requiring factory reset is obviously crappy and not an option for a lot of developers. But it would only be required for developers that want to attach a debugger to the preinstalled apps. / Jonas _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
