Bootstrapping Trust

In order to have a trusted platform for sharing files, the Bazaar app needs to be installed

User-preferred File Transfer Method

There are so many apps and techniques that people are using for sharing files on phones. We should make it straightforward for people to share the Bazaar app via their own preferred method

Implementation

Issues

Bluetooth File Transfer

Most phones have a built-in method of transferring files via Bluetooth. Since its very local, and there is some security in the pairing process, there is some level of trust in the process.

Implementation

Issues

local HTTPS

The Bazaar app can run a local HTTP server that shares out the bootstrapping app, and the rest of the process, including the index.jar.

Implementation

Issues

NFC

NFC provides an easy way to locally swap a bit of data, which can be used to easily setup another higher bandwidth connection, like Bluetooth.

Implementation

Issues

ChatSecure/OTR

If ChatSecure is installed, then we have a trusted channel to communicate over. This would provide an easy way to bootstrap the Bazaar app.

Implementation

Issues

Kerplapp with Pinned F-Droid

We can make a version of Kerplapp for the Google Play Store that includes the ability to download an F-Droid.apk and then check the hash against an included sha256. Then it could download it from multiple sources, and still be able to verify it. CiaranG said they can give us a static URL to a specific version of F-Droid for this. We can probably also rely on the APK being in the archive repo, i.e. https://f-droid.org/archive/org.fdroid.fdroid_45.apk

Bootstrap Decision Tree