On 09/27/2013 05:58 PM, Jonas Sicking wrote:
One idea that was floated was that we're in a good state if turning on
debugging only enables debugging of apps installed after debugging was
enabled. That would let the user turn on debugging, then install an
app that they want to know how it works, and start debugging away.
This sounds similar to the "wipe sensitive data when enabling debugging"
approach. If we conclude that the additional exposure via the debugging
protocol is salient, then this might be a good solution, presuming users can
re-install pre-installed apps. But as I say above, I don't really agree with
the premise.
I don't see how it's similar given that no wiping occurs? And that we
actually have a plan for how it could be implemented (we still have no
idea how to "wipe sensitive data" without wiping all data).
My thought was, if a user can debug pre-installed apps by deleting them
(and thus losing their local data) and then re-installing them, then the
implemented behavior is still "wipe-before-debug"; it's just that the
user "wipes" by "uninstalling". But if it's not possible to delete
pre-installed apps (that's disappointing), then it's moot.
I still think that enabling debugging for all apps installed after the
debugger was enabled brings us 90% of the value (developers can debug
their own apps as they are developing as well as inspect other 3rd
party apps that they install) at almost 0% of the cost (no additional
risk of data leakage, relatively easy to implement).
I will still have stuff on my phone that I am curious about --- and the
better the pre-installed stuff is, the more true this gets --- that I
can't debug. That seems like a shame, given that (as I believe) the
additional exposure allowed by simply permitting anything to be debugged
is minimal.
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
