Marketplace/Reviewers/Apps/Testing: Difference between revisions

Jump to navigation Jump to search

Marketplace/Reviewers/Apps/Testing (view source)

Revision as of 11:27, 27 June 2013

638 bytes removed ,  27 June 2013
→‎Testing Procedure - Packaged Apps
No edit summary
Line 62: Line 62:
== Testing Procedure - Packaged Apps ==
== Testing Procedure - Packaged Apps ==


''These should only be reviewed by Marketplace Staff currently.''
The procedure is similar to [[#Testing_Procedure_-_Hosted_webapps|hosted apps]].  Currently packaged apps are only fully supported on FirefoxOS, though Android support is already in Nightly builds.  Packaged App installation requires [[Marketplace/Reviewers/Apps/InstallingReviewerCerts|adding additional certificates]] to the phone.


The procedure is similar to [[#Testing_Procedure_-_Hosted_webapps|hosted apps]]Currently packaged apps are only supported on FirefoxOS.  Packaged App installation requires [[Marketplace/Reviewers/Apps/InstallingReviewerCerts|adding additional certificates]] to the phone.
'''Make sure the app is not-privilegedA privileged app is indicated by a Red H in the review queue (though not search results!), and then on the review page with "Type: Privileged Packaged App". '''


See the [https://developer.mozilla.org/docs/Apps/Marketplace_review_criteria Marketplace Review Criteria] for details of what we allow and don't allow in Apps for listing on Marketplace.  The steps below outline the brief procedure, not the policy.
See the [https://developer.mozilla.org/docs/Apps/Marketplace_review_criteria Marketplace Review Criteria] for details of what we allow and don't allow in Apps for listing on Marketplace.  The steps below outline the brief procedure, not the policy.


* Check the app has a sensible name, summary, description and icon.  The description should be extensive enough for a user to understand what the app does (you may need to revisit this after launching the app). If not, reject.
* Check the app has a sensible name, summary, description and icon.  The description should be extensive enough for a user to understand what the app does (you may need to revisit this after launching the app). If not, reject.
* The manifest url (view) link only contains some details from the actual manifest, which is inside the (zip) package.  To download the package for offline inspection, etc, click the 'package_path' link - this shouldn't be routinely necessary.
* The manifest url (view) link contains a copy of the manifest inside the (zip) package.  Check this as you would a hosted app (see above)
* In the version table at the bottom of the view load the validation report and inspect any warnings/errors.
* As a last check, look for the type entry.  If there is no type entry in the manifest, or its 'web' the app is unprivileged. If the type is 'privileged' then see the Privileged Packaged App section below.
* Then inspect the app contents via the 'contents' link.
* The first file should be the manifest. 
* Check the type entry.  If there is no type entry in the manifest, or its 'web', the app should be treated the same as a hosted one so it is not necessary to check the js code.
* If the type is 'privileged' then the app has access to extra APIs and all code needs to be inspected before approval.  (See subsequent steps)
* Take note of any requested permissions in the manifest.  There is a [[Marketplace/Reviewers/Apps/Permissions|Security Checklist]] of available APIs and what they might be used/abused for. 
* Check all the files, in particular the .js files (thankfully inline js and external files aren't allowed by the CSP), paying attention to how any permissions requested are used. **Need to expand here a little**
* Launch the app on the device and give the app a quick try and see what experience a new user would have.   
* Launch the app on the device and give the app a quick try and see what experience a new user would have.   
* Some apps require a login.  If its straightforward you should register as a new user (to see what experience an actual user would have).  If the app requires paid credentials; specific details; or isn't in a language you can understand sufficiently you can request a username & password - there is a canned response - with Request Information.
* Some apps require a login.  If its straightforward you should register as a new user (to see what experience an actual user would have).  If the app requires paid credentials; specific details; or isn't in a language you can understand sufficiently you can request a username & password - there is a canned response - with Request Information.
Eviljeff
Confirmed users
448

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/670988"

Navigation menu