Hi folks, I wanted to let people know of some significant changes coming to the Firefox Accounts implementation in Fennec. The native accounts implementation is being replaced with a hybrid native-and-on-the-web implementation. The changes are broadly tracked by meta ticket Bug 1161223 and I intend to land them in Fennec 42 (current Nightly).
What's changing?
----------------

Most screens that are implemented with native Android widgets will instead be delivered as web content from accounts.firefox.com in a Fennec tab. The status activity will remain a native Android activity; everything else (sign up/sign in/change password/update avatar) will move to the web.

What's the motivation?
----------------------

The motivation is to get the Fennec team out of the Accounts team's path. The Desktop product has shown that hosting the Firefox Accounts interface on the web is a viable, iterable solution that lets us provide a great user experience across our products. By unifying our technical approach across our products [2], we unlock the Accounts team to move faster on features that would otherwise require Fennec team support: for example, adding robust 2-factor authorization, or optimizing our sign up experience.

Why might I care?
-----------------

I see two axes relevant to users.

First, it's likely that our sign up/sign in experience will take slightly longer (since we need to load and display content from accounts.firefox.com), and it's possible our experience will be perceived as less smooth. However, we already do this process on Firefox for iOS, and the mobile team will take feedback from our iOS product into account as we build the Fennec solution. And other organizations, including Google, have at times delivered their authentication flow over the web in this way. Therefore, I'm not concerned we will be bucking user expectation, and so far the experience seems good. You can see a (now dated) demo video at [3].

Second, this changes the Firefox Accounts security story in Fennec. Currently, your Firefox Account password never leaves your device: your password is never stored (although a derivative is stored for a short time) and is never exposed to web content. This will change: accounts.firefox.com will have access to your password. An attacker who compromises (or compels) Mozilla has an attack that they did not have previously. The Accounts team has considered this attack and takes mitigating steps, but I can't find a good reference right now [4]! After these changes, the Fennec security story will be similar to the Desktop (and iOS) security story. For that reason, I'm not concerned about the security changes.

Comments?
---------

The mobile-firefox-dev and dev-fxacct mailing lists are the best places to continue this discussion. You can also reach out to me directly in #mobile on irc.mozilla.org.

Best,
Nick

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1161223
[2] Desktop has a robust web solution. Firefox for iOS has a web solution with some features missing or disabled. Fennec has a native-only solution.
[3] http://people.mozilla.org/~nalexander/FxA.Web.Signin.1.webm
[4] If you have a reference, please let me know! I know dveditz from the Mozilla security team has been involved in these discussions -- probably more times than he cares to have been.
_______________________________________________
mobile-firefox-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/mobile-firefox-dev

