ubuntu-phone team mailing list archive

Thread
Date

Re: Calling for Click signing

To: Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx>
From: Martin Albisetti <argentina@xxxxxxxxx>
Date: Wed, 18 Jun 2014 11:43:13 -0300
Cc: Ubuntu Phone <ubuntu-phone@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <CAM+TqApJ6QjjTZn57JT3oE+uxYeL2mZ2wD+Nn+Rvha7xgVA-tw@mail.gmail.com>

On Wed, Jun 18, 2014 at 10:27 AM, Ondrej Kubik
<ondrej.kubik@xxxxxxxxxxxxx> wrote:
> Yeah, but then this is not solving problem I have described in initial
> email here.
> Idea is to protect from using side load to update existing application with
> intruder's version to gain access to application private data or phone's
> resources.

So you wouldn't be able to install an update to an existing
application, because it wouldn't be signed by our server, so it would
refuse to install a new app or an update.

> If developer mode is something easy to enable, which should be given the
> spirit of Ubuntu, it'd easy way in.
> We can elaborate on user data wipe as part of the side-loading enablement,
> but that seems like harsh measure.
> Also I believe even phone with enabled side loading should still be secure,
> which won't be the case.

I would make developer mode enabling as secure as possible, but it
would mean "all guarantees are void".
If you enable developer mode, you should know what you're doing and I
don't think we should get distracted by supporting that case right
now.

-- 
Martin

References

Calling for Click signing
From: Ondrej Kubik, 2014-06-05
Re: Calling for Click signing
From: Martin Albisetti, 2014-06-06
Re: Calling for Click signing
From: Ondrej Kubik, 2014-06-06
Re: Calling for Click signing
From: Martin Albisetti, 2014-06-07
Re: Calling for Click signing
From: Ondrej Kubik, 2014-06-13
Re: Calling for Click signing
From: Martin Albisetti, 2014-06-13
Re: Calling for Click signing
From: Ondrej Kubik, 2014-06-13
Re: Calling for Click signing
From: Martin Albisetti, 2014-06-13
Re: Calling for Click signing
From: Ondrej Kubik, 2014-06-18