← Back to team overview

ubuntu-phone team mailing list archive

Re: How do I know an app is safe to install?

 

On 10/14/2013 11:09 AM, David Planella wrote:
> Hi Jeremy,
> 
> In addition to all what Dave is saying, if you want to know more about this app,
> including links to the source code:
> 
> http://notyetthere.org/?p=351
> 

There is an app in the Ubuntu appstore called 'Permy' that will show you the
permissions that the app has, but in general it is not needed because of our
trust model:
http://developer.ubuntu.com/publish/apps/security-policy-for-click-packages/

> Cheers,
> David.
> 
> 
> On Mon, Oct 14, 2013 at 5:49 PM, Jeremy Tayco <keitaro332@xxxxxxxxxxx
> <mailto:keitaro332@xxxxxxxxxxx>> wrote:
> 
>     >The app has passed all the security and packaging tests before it is
> 
>     >allowed to enter the Click apps store.
> 
>     >This means that any application that is in the apps listing is "safe".
> 
>     >Also because applications are completely isolated and locked down they
>     >are by nature safer than the old deb files. This is most of the reason
>     >for creating the click packaging system.
> 
>     >The reason for the lack of information regarding the dev is this is only
>     >release 1 for everything. This means there is pleanty of work to do and
>     >issues to resolve. For this release the idea was to get all the ground
>     >works in place and then future releases will improve on what is already
>     >there.
> 
>     I was unaware that automated security tests had already been implemented 
>     for Click submissions. Thanks for taking the time to help me out with this!
> 
> 
>     --
>     Mailing list: https://launchpad.net/~ubuntu-phone
>     Post to     : ubuntu-phone@xxxxxxxxxxxxxxxxxxx
>     <mailto:ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
>     Unsubscribe : https://launchpad.net/~ubuntu-phone
>     More help   : https://help.launchpad.net/ListHelp
> 
> 
> 
> 


-- 
Jamie Strandboge                 http://www.ubuntu.com/

Attachment: signature.asc
Description: OpenPGP digital signature


References