Wiki
Version 30 (carriestiens, 05/21/2014 08:44 pm)
1 | 1 | pd0x | h1. Bazaar Wiki |
---|---|---|---|
2 | 1 | pd0x | |
3 | 24 | hans | Bazaar lets you download apps securely, and share the apps on your phone with people in close proximity using whatever means are available (WiFi, Bluetooth, NFC, SDCard, etc). It also audits your installed apps by comparing them to the versions that other people have installed to make sure they are not malware. We are building upon the "FDroid":https://f-droid.org free software app store for Android to improve the security of the process while enabling decentralized and peer-to-peer distribution. |
4 | 25 | hans | |
5 | 21 | n8fr8 | h2. Overview |
6 | 21 | n8fr8 | |
7 | 21 | n8fr8 | * [[Core Concept]] |
8 | 22 | n8fr8 | * [[User Stories]] |
9 | 21 | n8fr8 | |
10 | 21 | n8fr8 | h2. Activities and Research |
11 | 21 | n8fr8 | |
12 | 9 | hans | * [[FDroid Audit]] |
13 | 3 | hans | * [[Auditing Existing APKs]] |
14 | 4 | hans | * [[Bootstrapping Trust]] |
15 | 4 | hans | * [[Local Data Transfer]] |
16 | 15 | hans | * [[OTRDATA Integration Plan]] |
17 | 5 | hans | * [[Trusted Intent Interaction]] |
18 | 16 | hans | * [[Chained TLS Cert Verification]] |
19 | 14 | hans | * [[Signing the Local APK Index]] |
20 | 23 | hans | * [[Improving the APK Signing Procedure]] |
21 | 10 | hans | |
22 | 10 | hans | h2. Related Discussions |
23 | 10 | hans | |
24 | 18 | hans | * posts on our blog: https://guardianproject.info/tag/bazaar/ |
25 | 19 | hans | * posts on the FDroid forum: https://f-droid.org/forums/tag/bazaar/ |
26 | 7 | pd0x | * [[Oct 23rd IRC Scrum log]] |
27 | 17 | hans | * [[Nov 21st IRC log about identifying repos]] |
28 | 1 | pd0x | * "F-Droid and decentralized trust convo on twitter":https://twitter.com/guardianproject/status/398092213651251201 |
29 | 28 | pd0x | * [[OpenITP UX Hackathon - Cydia/Community Notes]] |
30 | 29 | pd0x | * [[March 26th IRC Scrum log]] |
31 | 26 | hans | |
32 | 26 | hans | h2. Code Repositories |
33 | 26 | hans | |
34 | 27 | hans | * "Kerplapp":https://github.com/guardianproject/kerplapp - dropping apps onto droids, the prototype repo app |
35 | 27 | hans | * "FDroid Android client":https://gitorious.org/f-droid/fdroidclient - the Android app store |
36 | 27 | hans | * "FDroid server tools":https://gitorious.org/f-droid/fdroidserver - the tools for managing app repos |
37 | 1 | pd0x | |
38 | 8 | hans | h2. Relevant F-Droid Issues |
39 | 10 | hans | |
40 | 12 | hans | Whenever possible we should try to frame our work in terms of the F-Droid development process. If we can fix issues in F-Droid by submitting the functionality that we need for Bazaar, then its a win-win. |
41 | 12 | hans | |
42 | 12 | hans | * "Please provide GPG signatures for APKs":https://f-droid.org/repository/issues/?do=view_issue&issue=284 - we can provide this with GPGA, and it will help with master key bug issues on phones that have not been updated |
43 | 12 | hans | * "Import and export list of installed apps":https://f-droid.org/repository/issues/?do=view_issue&issue=402 - Kerplapp already does this, we'd just need to reframe that code to also do file I/O and @SEND@ Intents. |
44 | 12 | hans | * "Resumeable downloads?":https://f-droid.org/repository/issues/?do=view_issue&issue=393 - p2p and tor will mean lots of flaky connections |
45 | 12 | hans | * "Repo as virtual category in client":https://f-droid.org/repository/issues/?do=view_issue&issue=262 - we will need a way to represent what is on the device on the other side of a p2p sync |
46 | 12 | hans | * "backgrounding apk download":https://f-droid.org/repository/issues/?do=view_issue&issue=307 - downloading via Tor and OTRDATA could be slow |
47 | 12 | hans | * "Repository list management":https://f-droid.org/repository/issues/?do=view_issue&issue=16 - adding repo via QR, etc. |
48 | 12 | hans | * "Update all":https://f-droid.org/repository/issues/?do=view_issue&issue=36 - having _update all_ would make syncing apps in the p2p process much easier. |
49 | 12 | hans | * "display 'category' when accessing an app":https://f-droid.org/repository/issues/?do=view_issue&issue=71 - it would be nice if the UI showed where you were getting the app from, i.e. via the p2p connection you have right now, a Tor connection, etc. |
50 | 12 | hans | * "Update fails if a repo is broken":https://f-droid.org/repository/issues/?do=view_issue&issue=127 - we'll definitely need to handle this since we'll be adding repos that come and go a lot |
51 | 12 | hans | * "Method for suggesting users uminstall an apk":https://f-droid.org/repository/issues/?do=view_issue&issue=144 - if an APK proves to be compromised, it should be able to be revoked and the client should recognize that |
52 | 30 | carriestiens | |
53 | 30 | carriestiens | h2. Design Assets |