Document security best practices for in-app self-updates#489
Open
RDMacLachlan wants to merge 1 commit into
Open
Document security best practices for in-app self-updates#489RDMacLachlan wants to merge 1 commit into
RDMacLachlan wants to merge 1 commit into
Conversation
Add a "Security best practices for self-updating apps" section to the non-Store in-app update guidance, covering capability minimization (don't declare packageManagement/packageQuery unless managing other publishers' packages), the same-publisher enforcement that acts as a safety net, protecting a persisted update source, and why manually pre-verifying an incoming package generally isn't necessary. Resolves AB#31658694 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
|
Learn Build status updates of commit 83848bc: ✅ Validation status: passed
For more details, please refer to the build report. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a Security best practices for self-updating apps section to
msix-src/non-store-developer-updates.md, documenting the in-app update security story raised in this bug.The guidance covers:
packageManagement/packageQuery; omitting them lets the platform enforce same-publisher-only operations as a safety net.The new section is appended at the end of the file to avoid overlapping with PR #482 (AB#25739271), which edits the intro/capability portion of the same document.
Resolves AB#31658694