Bazaar - Guardian Project Dev (ARCHIVED SITE)

Wiki

Version 24 (hans, 02/19/2014 07:21 pm)

-pd0x
+h1. Bazaar Wiki
 pd0x
-hans
+Bazaar lets you download apps securely, and share the apps on your phone with people in close proximity using whatever means are available (WiFi, Bluetooth, NFC, SDCard, etc).  It also audits your installed apps by comparing them to the versions that other people have installed to make sure they are not malware.  We are building upon the "FDroid":https://f-droid.org free software app store for Android to improve the security of the process while enabling decentralized and peer-to-peer distribution.
-n8fr8
+h2. Overview
 n8fr8
-n8fr8
+* [[Core Concept]]
-n8fr8
+* [[User Stories]]
 n8fr8
-n8fr8
+h2. Activities and Research
 n8fr8
-hans
+* [[FDroid Audit]]
-pd0x
+* "Kerplapp":https://github.com/guardianproject/kerplapp - dropping apps onto droids
-hans
+* [[Auditing Existing APKs]]
-hans
+* [[Bootstrapping Trust]]
-hans
+* [[Local Data Transfer]]
-hans
+* [[OTRDATA Integration Plan]]
-hans
+* [[Trusted Intent Interaction]]
-hans
+* [[Chained TLS Cert Verification]]
-hans
+* [[Signing the Local APK Index]]
-hans
+* [[Improving the APK Signing Procedure]]
 hans
-hans
+h2. Related Discussions
 hans
-hans
+* posts on our blog: https://guardianproject.info/tag/bazaar/
-hans
+* posts on the FDroid forum: https://f-droid.org/forums/tag/bazaar/
-pd0x
+* [[Oct 23rd IRC Scrum log]]
-hans
+* [[Nov 21st IRC log about identifying repos]]
-hans
+* "F-Droid and decentralized trust convo on twitter":https://twitter.com/guardianproject/status/398092213651251201
 pd0x
-hans
+h2. Relevant F-Droid Issues
 hans
-hans
+Whenever possible we should try to frame our work in terms of the F-Droid development process. If we can fix issues in F-Droid by submitting the functionality that we need for Bazaar, then its a win-win.
 hans
-hans
+* "Please provide GPG signatures for APKs":https://f-droid.org/repository/issues/?do=view_issue&issue=284 - we can provide this with GPGA, and it will help with master key bug issues on phones that have not been updated
-hans
+* "Import and export list of installed apps":https://f-droid.org/repository/issues/?do=view_issue&issue=402 - Kerplapp already does this, we'd just need to reframe that code to also do file I/O and @SEND@ Intents.
-hans
+* "Resumeable downloads?":https://f-droid.org/repository/issues/?do=view_issue&issue=393 - p2p and tor will mean lots of flaky connections
-hans
+* "Repo as virtual category in client":https://f-droid.org/repository/issues/?do=view_issue&issue=262 - we will need a way to represent what is on the device on the other side of a p2p sync
-hans
+* "backgrounding apk download":https://f-droid.org/repository/issues/?do=view_issue&issue=307 - downloading via Tor and OTRDATA could be slow
-hans
+* "Repository list management":https://f-droid.org/repository/issues/?do=view_issue&issue=16 - adding repo via QR, etc.
-hans
+* "Update all":https://f-droid.org/repository/issues/?do=view_issue&issue=36 - having _update all_ would make syncing apps in the p2p process much easier.
-hans
+* "display 'category' when accessing an app":https://f-droid.org/repository/issues/?do=view_issue&issue=71 - it would be nice if the UI showed where you were getting the app from, i.e. via the p2p connection you have right now, a Tor connection, etc.
-hans
+* "Update fails if a repo is broken":https://f-droid.org/repository/issues/?do=view_issue&issue=127  - we'll definitely need to handle this since we'll be adding repos that come and go a lot
-hans
+* "Method for suggesting users uminstall an apk":https://f-droid.org/repository/issues/?do=view_issue&issue=144 - if an APK proves to be compromised, it should be able to be revoked and the client should recognize that

Core Apps » Bazaar

Wiki