Marketplace/TrustedUIRework
Marketplace Payments is now the only consumer of the Trusted UI. Should we keep it?
Originally created in: https://bugzilla.mozilla.org/show_bug.cgi?id=794999
Advantages
What does the Trusted UI provide that is of value?
- A global cookie jar so that information can be re-used across apps. Specifically, when starting an in-app payment from App #1 you have to log in on the first purchase but not on the second purchase. When starting a payment from App #2, you should also not have to log in again.
- A seamless in-app payment flow: the user taps a button, enters a payment window, completes the payment, and is automatically returned to the context of the app.
Problems
What problems does the Trusted UI cause?
Platform
- Maintenance
- Multiple bugs keep occurring as the platform evolves.
- List of bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1105495
- https://bugzilla.mozilla.org/show_bug.cgi?id=1082218
- https://bugzilla.mozilla.org/show_bug.cgi?id=830358
- https://bugzilla.mozilla.org/show_bug.cgi?id=812663
- https://bugzilla.mozilla.org/show_bug.cgi?id=919833
- https://bugzilla.mozilla.org/show_bug.cgi?id=834507
UX
- The small screen is a problem for UX.
- It's not obvious what the screen actually indicates to the consumer.
Security
- Doesn't fix a range of security issues.
- Is still spoofable.
Solutions
What's a better approach?