As mentioned in Production Quality Base OS, improving the Gateway's security could be done in a few ways. Those directions could be explored with prototypes.
I've proposed the idea of adding security not through technical lockdown, but through a system that creates a crowdsourced hierarchy of trustworthiness for addons. Instead of limiting what addons can do, the security comes from communal (or commercial) gatekeeping of which addons may be installed.
I believe this has a number of advantages:
Simpler to build. It would be an evolution of the current addon system instead of a complete redevelopment.
It would offer a very visible improvement for end users.
It would make it easier to create a commercial distribution by allowing such a distribution control over what types of addons it makes available.
Keeps the threshold to develop new addons low. Less knowledge is required of containerization or, potentially, Snap store acceptance. This also keeps educational use a more viable market.
Keeps the potential of what addons can do high. While this direction would need some level of permissions for addons (e.g. access to stored log data), ultimately they can do a lot, and squeeze as much value from the hardware platform as possible.
If some apps could be offered commercially, the app store could be a source of revenue, and entice more developers to create addons.
Here is a quick sketch of what this could look like:
To make this exploration useful, I am looking for people who can help with these things:
OS. This direction would still need to build on a new OS for the Raspberry Pi that has an auto-update feature. The local network might not always be secure, so an OS that is security hardened might be a plus here. Who has knowledge here and would like to share it?
Cloud backend. To protect privacy, the app store would be a local addon that only relies on a cloud backend for downloading the addons list (which may be a subset of all available addons) and managing the ratings. This implies that users will need an account. There may be existing open source app store backends that could be re-used.
If paid addons would be a goal, this would become a bit more complex. Thoughts, ideas and experience are very welcome.
Automated code review. For example, to spot obfuscated code patterns.
Security hardening for addons. There may be low hanging fruit opportunities to improve addon security. Ideally addon developers could self-describe some required permissions in the manifest.json file of the addon. For example, addons could request access to certain pre-defined files in the OS that are outside of their own directories. The manifest file could list these, and from there make them available somehow.
Front-end. Any CSS/JS/jQuery designers that would enjoy working on the front-end of this addon would be welcome.
To start thinking about this option:
User types
The addon would distinguish between advanced or normal users. Self-proclaimed advanced users would (at their own risk) gain access to more addons early, see beta versions, and do the initial rating. Normal users would only gain access to addons, and versions of those addons, that are deemed stable and safe.
A sub-type of advanced users could be developers, who create addons. Their track record could be taken into account in the process. Perhaps this requires advanced users to log in with a GitHub account, so that their addons and identity can be linked.
Addon types
Addons might gain some tags that describe them to aid users in finding and filtering. These may be listed in the addon's manifest.json file.
Additional issues the addon could deal with:
Showing users a privacy policy they have to accept before they install the addon.
Perhaps in the future, addons, and/or the hardware they represent, could have a privacy label which users are shown on the addon overview page.
Even if one of the other directions is chosen (which would be fine), thinking about an upgraded addon installation system would still have been a useful exercise.
Discussion can take place in this issue or in this Matrix room.
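The manifest-declared file access sketched in the "Security hardening for addons" item, as an added example that is not the gateway's own code: a resolver that checks an addon's requests against a gateway-side allowlist of pre-defined files, so the addon names an entry and the gateway decides which real path (and which mode) is exposed. The `permissions.files` manifest field, the entry names and the paths are assumptions for this example.

```javascript
'use strict';

// Constructed allowlist of pre-defined OS files an addon may ask for by name.
// The names, paths and the `permissions.files` manifest field are assumptions
// for this example, not part of the gateway's real manifest format.
const PREDEFINED_FILES = {
  'gateway:log': { path: '/var/log/gateway/gateway.log', mode: 'r' },
  'gateway:things': { path: '/var/lib/gateway/things.json', mode: 'r' },
  'gateway:settings': { path: '/var/lib/gateway/settings.json', mode: 'rw' },
};

// Resolve an addon manifest's file requests against the allowlist.
// Addons name entries rather than supplying paths, so the gateway, not the
// addon, decides which real path is exposed; unknown names, malformed
// entries and write requests on read-only entries are denied with a reason.
function resolveFilePermissions(manifest, predefined = PREDEFINED_FILES) {
  const granted = [];
  const denied = [];
  const perms = manifest && manifest.permissions;
  const requests = Array.isArray(perms && perms.files) ? perms.files : [];
  for (const req of requests) {
    if (!req || typeof req !== 'object' || typeof req.name !== 'string') {
      denied.push({ request: req, reason: 'malformed request' });
      continue;
    }
    // Own-property lookup only, so names like "constructor" cannot reach
    // into Object.prototype and pass as an allowlist entry.
    const entry = Object.prototype.hasOwnProperty.call(predefined, req.name)
      ? predefined[req.name] : undefined;
    if (!entry) {
      denied.push({ request: req, reason: 'not a pre-defined file' });
      continue;
    }
    const mode = req.mode === undefined ? 'r' : req.mode;
    if (mode !== 'r' && mode !== 'rw') {
      denied.push({ request: req, reason: 'unknown mode' });
      continue;
    }
    if (mode === 'rw' && entry.mode !== 'rw') {
      denied.push({ request: req, reason: 'write not permitted' });
      continue;
    }
    granted.push({ name: req.name, path: entry.path, mode });
  }
  return { granted, denied };
}
```

The granted list is what the gateway would then expose to the addon (for example by bind-mounting or opening the file on its behalf); the denied list can be shown to the reviewer or the user at install time.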
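An added example for the "Automated code review" item (not the project's code): a small scanner that flags common indicators of obfuscated JavaScript in an addon's source so a human reviewer knows where to look. The pattern list, the entropy threshold and the sample snippets are assumptions constructed for this example; hits are review flags, not verdicts, since minified or legitimately packed code trips several of them too.

```javascript
'use strict';

// Heuristic patterns a review bot might flag in an addon's JavaScript.
// Assumed list for this example; each hit is an indicator for a reviewer.
const PATTERNS = [
  { id: 'eval', re: /\beval\s*\(/g },
  { id: 'new-function', re: /\bnew\s+Function\s*\(/g },
  { id: 'fromCharCode', re: /String\.fromCharCode\s*\(/g },
  { id: 'hex-escapes', re: /(?:\\x[0-9a-fA-F]{2}){8,}/g },
  { id: 'unicode-escapes', re: /(?:\\u[0-9a-fA-F]{4}){8,}/g },
];

// Shannon entropy of a string in bits per character.
function entropy(s) {
  const counts = new Map();
  for (const ch of s) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / s.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Scan addon source text; returns the findings and a simple hit count score.
function scanForObfuscation(source) {
  const findings = [];
  for (const { id, re } of PATTERNS) {
    const matches = source.match(re);
    if (matches) findings.push({ id, count: matches.length });
  }
  // Long string literals with high entropy often hold packed payloads.
  // Length and entropy thresholds are assumptions; tune them on real addons.
  const literalRe = /(['"`])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  let m;
  while ((m = literalRe.exec(source)) !== null) {
    const lit = m[2];
    if (lit.length >= 64 && entropy(lit) > 4.5) {
      findings.push({ id: 'high-entropy-literal', count: 1, length: lit.length });
    }
  }
  const score = findings.reduce((acc, f) => acc + f.count, 0);
  return { score, findings };
}
```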