Amazon is giving away $140 worth of free Android apps

In today's open source roundup: Get $140 worth of free Android apps from Amazon. Plus: Is Mozilla's add-on review policy harmful? And how to run Arch Linux on a Macbook

Amazon offers $140 worth of free apps

From time to time Amazon offers free apps to attract users to its platform. This time around the company is offering $140 worth of free Android apps in its app store.

Harish Jonnalagadda reports for Android Central:

Amazon's latest app giveaway is here, and includes over $140 worth of premium content that is available for free from now until February 14. The giveaway features a total of 37 apps, including Listure, Sleep as Android, Runtastic Pro and more.

To install apps from Amazon on your Android device, you're going to need the Amazon Appstore for Android.

More at Android Central

Mozilla's new add-on policy stirs controversy

Mozilla recently announced a change to its add-on policy that purports to provide a safer experience for users. But not everyone agrees with Mozilla, and some question whether or not the changes will actually provide greater add-on security.

First, here's Mozilla's announcement about the changes:

We’re responsible for our add-ons ecosystem and we can’t sit idle as our users suffer due to bad add-ons. An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions. However, we believe that forcing all installs through our distribution channel is an unnecessary constraint. To keep this balance, we have come up with extension signing, which will give us better oversight on the add-ons ecosystem while not forcing AMO to be the only add-on distribution channel.

Here’s how it will work:

Extensions that are submitted for hosting on AMO and pass review will be automatically signed. We will also automatically sign the latest reviewed version of all currently listed extensions.

Extension files that aren’t hosted on AMO will have to be submitted to AMO for signing. Developers will need to create accounts and a listing for their extension, which will not be public. These files will go through an automated review process and sent back signed if all checks pass. If an add-on doesn’t pass the automated tests, the developer will have the option to request the add-on to be manually checked by our review team. A full review option will also be available for non-AMO add-ons, explained further ahead.

For extensions that will never be publicly distributed and will never leave an internal network, there will be a third option. We’ll have more details available on this in the near future.

There will be a transition period of two release cycles (12 weeks total) during which unsigned extensions will only generate a warning in Firefox.

After the transition period, it will not be possible to install unsigned extensions in Release or Beta versions of Firefox. There won’t be any preferences or command line options to disable this.

Installation of unsigned extensions will still be possible on Nightly and Developer Edition, as well as special, unbranded builds of Release and Beta that will be available mainly for developers testing their extensions.

More at Mozilla

Developer Jeff Lyon disagrees with Mozilla:

Mozilla reasons that this change will improve the security and performance of Firefox add-ons, and prevent malicious add-ons from being distributed. Unfortunately, mandatory review does nothing to address the underlying security problems that plague add-ons in the Firefox browser; it needlessly inconveniences (and possibly endangers) both developers and users, and ultimately violates the core principles set forth in the Mozilla manifesto and the definition of Free Software.

Mozilla’s AMO review requirement is a non-solution to the problem of their non-existent add-on security, akin to a Band-Aid over a shotgun wound. We are forced to trust that their volunteer reviewers will find all possible hidden attack vectors in all add-ons, an unrealistic proposition given the volume of submissions and the sophistication of modern malware.

Mozilla doesn’t have to abandon their core principles and alienate the Free Software community to protect users. They need to look at what other browsers have been doing for years, learn from it, and do some hard work. In particular:

1. Security sandboxing for the Mozilla Add-on SDK is long overdue.

2. Add-ons should report what permissions they need. Users should be able to review and approve this conditionally.

3. Add-ons should only be able to install via express user permission.

4. Add-on activity should be more transparent to the user.

5. Improve the AMO review experience.

6. If nothing else, make code signing optional for experienced users.

More at Rubbing Alcoholic Blog

1 2 Page 1