

Building A Paid App For Firefox OS - chrismorgan
https://hacks.mozilla.org/2013/02/building-a-paid-app-for-firefox-os/

======
Xuzz
Counterpoint: as a developer, this looks awful.

For iOS: write an app, set a price, release it. For at least 90+% of potential
customers, they have to pay for it. Piracy requires modifying the device in a
way that Apple blocks.

For Android: write an app, set a price, release it. Anyone can easily pirate
it, but it's still easiest to buy it instead.

For Firefox OS: write an app, set a price... then write a web service to do
receipt checking? Integrate a library to verify purchases? That's a lot of
critical code I now have to maintain, and is easy to get wrong. And my app now
depends on having a server available (either mine or, it seems, a third party)
to verify. And, of course, it's all JavaScript: patching it out is trivial for
piracy.

I guess it's more "open" or something, but it just seems like more work for
the same result.

~~~
kumar303
It's just as easy on Firefox OS. Writing a web service is not required!
Mozilla provides one for you :)

BTW, both iOS and Android require servers to be available for purchase checks
unless, as the app developer, you don't care about piracy (which might be
legitimate for the "most people will buy it" argument).

As for JavaScript being easy to patch. Is it really easier though? You can
literally copy around apk files or search for them on pirate sites to get paid
Android apps for free. There are videos on youtube for how to Patch paid iOS
apps with fake certs and DNS hacks.

~~~
dubcanada
You can't compare JS patching to someone spending hours and hours finding
methods for using fake certs and DNS hacks. Sure the end result may be similar
but to get to their requires a A LOT less more. Anyone can open up a JS file,
find a line of code that does security checking, and return it false. You can
show someone that in a Youtube video. What you can't show someone is how to
spend hours and hours looking for ways to trick the OS into believing that the
packaged application was previously paid for even though it wasn't.

~~~
chrismorgan
Obfuscated and minified JavaScript with license checking scattered in diverse
places will be _much_ , _much_ harder to figure. And it'll vary from app to
app, while with Apple devices if you've stolen one you've stolen them all. (I
think that's the effect?)

~~~
xkcdfanboy
Not when you can easily just hijack the receipt methods. A lot easier than IAT
hooking..lol

------
pnathan
This is pretty exciting. Being able to have an open marketplace without
lockdown is... erm... well. It's a refreshing change from the iOS land and I
hope to see more in this direction.

At any rate, I am starting up a project that I am hoping to sell on the FF
Marketplace. It's going to be a trip (never done app development before!).

------
slajax
I definitely appreciate the portability and open standards that seem to be at
the core of this product. My startup also runs an app store like product and
we decided to focus mostly on web for these same reasons. Portability and open
standards are amazing assets that we are not willing to give up and I'm REALLY
interested in the process and approach Mozilla is taking to use the same
benefits in the mobile market. Mozilla is on the comeback! Watch out tech
giants!

------
thecombjelly
I think the open web-applied to smartphones-will be what the entire smartphone
market eventually arrives at. Mozilla is playing the long game and doing a lot
of extra work and will go through a lot of issues that they wouldn't if they
made another walled garden OS and marketplace. One of the reasons that the web
is so popular for developing apps is its openness and prevalence. The more
momentum firefox OS builds, the more pressure will be put on other phone OS
ecosystems to follow suit, especially if you can use firefox within other
ecosystems and it integrates well with their marketplace and apis. When that
happens, it will be increasingly hard to justify creating a device specific
app when you can cover every device with one webapp.

This will be an exciting project to watch.

------
kibwen
An interesting link buried in the article:

[http://www.macworld.com/article/1167677/hacker_exploits_ios_...](http://www.macworld.com/article/1167677/hacker_exploits_ios_flaw_for_free_in_app_purchases.html)

Does anyone know if Apple has addressed this yet?

In any case, it will be interesting to see if Mozilla can pull this off. When
I download an app, isn't it just Javascript? What's to stop me from just
diving into the app's source and putting in `function is_this_a_valid_app() {
return "yep"; }` ?

~~~
yalogin
That is an old one.

The one concern for app developers on the FirefoxOS will be protecting their
code. If its trivial to reverse an Android app and use that code it will be
even easier to do it on FirefoxOS. So because of that most apps will be
webapps and not native apps. The downside is you will need an always on
network connection.

Validating and enforcing in-app purchases will not be a problem on Firefox OS
if its a web app. Of course it can be trivially circumvented in native apps.
More reason why I expect only webapps on that OS.

~~~
kumar303
You also need an "always on" network to verify paid iOS or Android apps. They
use web services for verification.

------
small_timer
I want to like Mozilla, really, but _why_ do they seem unable to put out a
press release that doesn't contain gratuitous lies or misinformation? (The
last Mozilla PR release I read was also misleading:
<http://news.ycombinator.com/item?id=5128924> ).

 _there is a key difference: it does not lock you into Mozilla or lock you
into your Firefox OS phone_

How is this true in any meaningful way? I look down this list of APIs:
<https://wiki.mozilla.org/WebAPI> and I see many many things that are
FirefoxOS only, and are not planned to be made available for other platforms.

If they want to say that FirefoxOS can display 'standards compliant' web pages
then yes, great, but so can every other OS to some degree (web 'standards' are
a moving target and Chrome and Safari have broadly comparable standards
compliance).

If FirefoxOS is to be truly standards compliant that means it will be unable
to do a single thing that other platforms can't also do in their respective
standards compliant web browsers (and if no other browser implements it then
it's not much of a standard). So where is the additional value from FirefoxOS?
It's just an OS that is by definition less functional than every other OS.

Before anybody chimes in pointing out all the misleading PR from Apple and
Google and Microsoft, yes I'm aware of that, but they are for profit companies
and don't claim to be working for the betterment of mankind. If to compete
with them you also have to coat everything in a glaze of PR bullshit then how
are you any better than them, other than that your bullshit has a slightly
different consistency that makes it easier to swallow for some people.

~~~
ndesaulniers
Easy there killer, not all API's are going to be flushed out full W3C
recommendations for v1. These things take time. Be patient. There is nothing
on that page that suggests any of the WebAPIs "are not planned to be made
available for other platforms." In fact, under process it says "The goal is to
standardize all APIs."

~~~
ndesaulniers
Also, Samsung has been contributing patches to WebKit for Tizen such as
Battery Status, Network Info, Vibration, and more. So the implementation and
standardization process is well on its way.

------
tdoggette
Finally, more app support for my WebOS devices!

That wasn't sarcasm, I'm legitimately excited.

~~~
davisr
I feel like Enyo, and WebOS itself, are really under-appreciated. I've built a
few apps with Enyo, and it's an absolute treat to use.

Plus, WebOS is still here -- I almost feel like people are actively _ignoring_
it: trying to sweep it under the rug whenever its mentioned. Truthfully, I'll
be sad if Firefox OS gains traction, because WebOS did all of this years ago.

~~~
kumar303
Well, WebOS did it in secret and built their own walled garden of "web" APIs,
sadly. That may or may not be why it never got traction. Either way, if you
built a WebOS app then it won't run anywhere else today. With Firefox OS,
Mozilla at least has used standard HTML5 everywhere that it made sense to.
Granted, WebOS began its design a long time ago in web years.

~~~
davisr
> _Either way, if you built a WebOS app then it won't run anywhere else
> today._

That's not very true. Any HTML5/JS app built for WebOS 3.0+ (when Mojo was
depreciated, and Enyo brought in) can run in any browser; if it uses WebOS-
specific API calls (most often used for notifications), then it can be wrapped
in PhoneGap/Cordova and compiled for nearly any OS.

~~~
kumar303
Correct. Now you have a PhoneGab app not a WebOS app :)

------
brianbreslin
How hard is it to transition an add on for Firefox to an app for Firefox os?

