Marketplace/TrustedUIRework
Marketplace Payments is now the only consumer of the Trusted UI. Should we keep it?
Originally created in: https://bugzilla.mozilla.org/show_bug.cgi?id=794999
Advantages
What does the Trusted UI provide that is of value?
- A global cookie jar so that information can be re-used across apps. Specifically, when starting an in-app payment from App #1 you have to log in on the first purchase but not on the second purchase. When starting a payment from App #2, you should also not have to log in again.
- A seamless in-app payment flow: the user taps a button, enters a payment window, completes the payment, and is automatically returned to the context of the app.
Problems
What problems does the Trusted UI cause?
Platform
- It is difficult to maintain since many code paths within the Trusted UI are unique.
- Multiple bugs keep occurring as the platform evolves.
- Partial list of unexpected bugs:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1105495
- https://bugzilla.mozilla.org/show_bug.cgi?id=1097928
- https://bugzilla.mozilla.org/show_bug.cgi?id=1082218
- https://bugzilla.mozilla.org/show_bug.cgi?id=830358
- https://bugzilla.mozilla.org/show_bug.cgi?id=812663
- https://bugzilla.mozilla.org/show_bug.cgi?id=919833
- https://bugzilla.mozilla.org/show_bug.cgi?id=834507
- https://bugzilla.mozilla.org/show_bug.cgi?id=829170
- https://bugzilla.mozilla.org/show_bug.cgi?id=834871
UX
- The small screen is a problem for UX.
- It's not obvious what the screen actually indicates to the consumer.
Security
- It doesn't fix any of the original security issues it was designed for.
- Spoofability: The Trusted UI opens over the user's home screen but a malicious app could simulate a user's home screen by showing the stock Firefox OS app icons. To the casual user who has not customized their home screen or who is not studying the pixels in details, this spoofed payment window would look the same.
Solutions
What's a better approach?