Firefox OS Security: Part 1 – The Web Security Model

When presenting Firefox OS to people, security is a big topic. Can an operating system built on web technologies be secure? What has Mozilla built in to avoid drive-by downloads and malware? In this two part video series Christian Heilmann (@codepo8), principal evangelist of Mozilla, talks to Michael Coates (@_mwc), chair of @OWASP Board about all things security in Firefox OS.

Firefox OS was built on top of the technologies that power the Web. Following Mozilla’s security practices and knowledge from over 10 years of securing Firefox, Firefox OS is engineered as a multi-tiered system that protects users while delivering the power of the mobile web. The design ensures users are in control of their data and developers have APIs and technologies at their disposal to unlock the power of the Web.

Watch the following video where we talk more about the security design and controls present in Firefox OS. In this, the first of two videos on Firefox OS security, we’ll cover items such as the multi-tiered architecture, the permission model, run time decision making, protection of users data and the update model. You can watch the video on YouTube.

Additional links for more information:

About Chris Heilmann

Evangelist for HTML5 and open web. Let's fix this!

More articles by Chris Heilmann…


  1. b3tamax

    Thanks for this. I was worired about the security model whilst listening to Christian’s presentation in NYC a month ago. There seemed to be a vulnerability in installing applications over HTTP from DNS poisoning.

    November 14th, 2013 at 10:57

  2. Ivan Dejanovic

    I am glad to see security is receiving this much attention from Mozilla. As a developer it is critical that I keep my users safe and their data protected.

    I wanted to ask one question. I recently deployed a game to firefox marketplace. I developed a simple game as a way to get myself through the whole process of app development, hosting it on my site, enabling users to install it directly from my site and submitting the app to marketplace. I deliberately developed it as a web app and not Firefox OS app because I see no reason in stoping people from playing it in any browser with decent HTML5 support. On deploying the app to marketplace when beside Firefox OS as a target I choose desktop, tablet and Firefox on android I could not deploy my app as packeged but only as hosted.

    Firstly I see no reason for this. Why whould somebody be denied from installing packaged app on desktop or android? But second and more important, once an app is deployed to marketplace in this fashion, reviewed and approved a developer with bad intent can then replace the app that was safe with an unsafe app.

    Probably this developer won’t be able to do any harm because hosted app can not get access to privileged api’s but it is still problematic in my opinion.

    Still, I am very happy with all do work you put so far in Firefox OS. I had a chance to play with Firefox OS phone today for the first time and I was very impressed by what my coleague got for only 70 Euros. Just keep with good work.

    November 14th, 2013 at 13:16

    1. Bill Walker


      Thanks for your comments! As for our packaged app support, we’re actively engaged in bringing packaged apps to Android and Desktop this quarter. The moment that support lands we’ll be pestering the Marketplace team to enable submission of packaged apps on those platforms.

      We have been thinking hard about update scenarios like the one you mentioned. The transition between packaged and hosted versions of the same app is troublesome on lots of levels, as you can see. I believe we don’t support it yet, until we get a better handle on what can go wrong.

      thanks again,

      November 14th, 2013 at 14:28

    2. Robert Nyman [Editor]

      On the topic of hosted apps and being able to update whenever they want to: we see that as a great strength and possibility for the developer. Then, naturally, it won’t have the same security clearance as a privileged app since it’s just the same as a web site, where we can’t control or guarantee the code. Therefore, see a hosted app as a web site, but being run in an app context.

      November 14th, 2013 at 14:54

  3. Łukasz Polowczyk

    Please check this:

    November 14th, 2013 at 16:14

  4. Ivan Dejanovic

    Bill, Robert

    Thanks for your replies. I do see the point in hosted apps being great convenience for me as a developer. I probably expressed myself poorly because English is not my native language.

    Looking and the Firefox marketplace I was not able to distinguish packaged apps from hosted apps. My impression until two days ago was that every app in marketplace is packaged and checked. Maybe end users will make the same mistake as I did an think that everything they install from marketplace is checked and safe.

    Again maybe my worries are completely unwarranted. I just was so impressed by my first try at Firefox OS smartphone that I honestly what Firefox OS to be a huge success.

    Keep up with good work.

    November 15th, 2013 at 03:29

    1. Robert Nyman [Editor]


      From my point of view, the user shouldn’t need to know if it it’s a packaged or hosted app. Everything is checked and safe according to its security access on the device. If it’s hosted, it will have less security clearance than a packaged app, but neither of those should mean more or less risk than the other option.

      November 18th, 2013 at 03:09

  5. Luke

    Security is good, but what about root apps? What if I want to browse the raw data/sql an app is storing, from the phone? From what I understand reading that article there is no way to add something like Swype keyboard or Hacker-keyboard, which shouldn’t even require root, on Android.

    Considering how Firefox can have apps that do anything from read files/write files to help switch about:config options, shouldn’t there be that much power on the mobile extensions? How will Firefox ebook readers and similar apps be able to have shared files on sd card?

    November 16th, 2013 at 09:45

    1. Robert Nyman [Editor]

      On keyboards, there is a Keyboard API and we also covered possibilities here in the previous article Adding cursor swipe to the Firefox OS keyboard.

      On sharing files, to my knowledge, the DeviceStorage API would be the best approach for that.

      November 18th, 2013 at 03:12

  6. azerty

    I’m glad security is taken seriously when building FFOS. The model described seems really better than Android where indeed we just say yes to everything because we want the use the app.

    I was wondering if there would be any notification (in the top notification bar of FFOS) that the app is currently using the Camera. Even if the user has allowed the app to access it, it could be nice to remind him that the camera is currently used.

    It is currently the case on Firefox: for eg you allow a website to access your camera when firefox ask “Do you allow … to access your camera” but then you still have a camera icon on the left of the adress bar that reminds you you’re filmed. If think it’s a nice and non obstrusive reminder and I’d love to see it integrated in FFOS. I think it’s already the case for GPS but I’m not sure about the camera.

    November 18th, 2013 at 06:06

    1. Robert Nyman [Editor]

      Thanks for the input. It’s definitely something to consider. At this, from an app, only way to trigger the camera is to use Web Activities and actually go into the camera app, with user consent. Then as soon as you’re done in there, you will leave the app and turn off the camera – i.e. it won’t be running in the background, and it will be clear that it’s active. In the future, though, it will definitely matter.

      November 19th, 2013 at 05:14

      1. azerty

        Ok, thanks for your reply.

        November 20th, 2013 at 11:31

  7. Jose Rodriguez

    Tomorrow I’ll be breaking in a ZTE Open with firefox os. Does any one know if I will get updates to the os directly from Mozila?

    November 26th, 2013 at 21:58

    1. Robert Nyman [Editor]

      We are working to make that update process easier, but this is the documentation at the moment. And good luck with the new device!

      November 27th, 2013 at 02:13

Comments are closed for this article.