« Previous -
Version 36/51
(diff) -
Next » -
Current version
hans, 06/24/2014 08:51 pm
Bazaar Wiki¶
Bazaar lets you download apps securely, and share the apps on your phone with people in close proximity using whatever means are available (WiFi, Bluetooth, NFC, SDCard, etc). It also audits your installed apps by comparing them to the versions that other people have installed to make sure they are not malware. We are building upon the FDroid free software app store for Android to improve the security of the process while enabling decentralized and peer-to-peer distribution.
Overview¶
Activities and Research¶
- FDroid Audit
- Auditing Existing APKs
- Bootstrapping Trust
- Local Data Transfer
- OTRDATA Integration Plan
- Trusted Intent Interaction
- Chained TLS Cert Verification
- Signing the Local APK Index
- Improving the APK Signing Procedure
- "Swap" apps
Related Discussions¶
- posts on our blog: https://guardianproject.info/tag/bazaar/
- posts on the FDroid forum: https://f-droid.org/forums/tag/bazaar/
- Oct 23rd IRC Scrum log
- Nov 21st IRC log about identifying repos
- F-Droid and decentralized trust convo on twitter
- OpenITP UX Hackathon - Cydia/Community Notes
- March 26th IRC Scrum log
Code Repositories¶
- Kerplapp - dropping apps onto droids, the prototype repo app
- FDroid Android client - the Android app store
- FDroid server tools - the tools for managing app repos
Relevant F-Droid Issues¶
Whenever possible we should try to frame our work in terms of the F-Droid development process. If we can fix issues in F-Droid by submitting the functionality that we need for Bazaar, then its a win-win.
- Resumeable downloads? - p2p and tor will mean lots of flaky connections
- Repo as virtual category in client - we will need a way to represent what is on the device on the other side of a p2p sync
- backgrounding apk download - downloading via Tor and OTRDATA could be slow
- Method for suggesting users uninstall an apk - if an APK proves to be compromised, it should be able to be revoked and the client should recognize that
Design Assets¶
Starting Point
Wifi-QR/IP screen: s3_wifi_QR.ai (attached)
These documents cover the UI for all of the design we've discussed as of May 30th, 2014. I've labeled them as p01 for 'phase 1'.
Illustrator file: swapUI_p01.ai
Images of each screen (22 total): swapUI_p01.zip
Diagram of the swap workflow and an outline of the other UI components: workflow_diag_p01.pdf