Skip to content

Document security best practices for in-app self-updates#489

Open
RDMacLachlan wants to merge 1 commit into
MicrosoftDocs:mainfrom
RDMacLachlan:users/romaclac/docbug-31658694
Open

Document security best practices for in-app self-updates#489
RDMacLachlan wants to merge 1 commit into
MicrosoftDocs:mainfrom
RDMacLachlan:users/romaclac/docbug-31658694

Conversation

@RDMacLachlan

Copy link
Copy Markdown
Collaborator

Summary

Adds a Security best practices for self-updating apps section to msix-src/non-store-developer-updates.md, documenting the in-app update security story raised in this bug.

The guidance covers:

  • Declare only the capabilities you need — an app that only self-updates (or updates same-publisher packages) should not declare packageManagement/packageQuery; omitting them lets the platform enforce same-publisher-only operations as a safety net.
  • Same-publisher enforcement as defense-in-depth against a tampered update URI.
  • Protect the update source — treat a persisted update URL as untrusted input (application data is writable by the full-trust user).
  • Whether to inspect the incoming package first — generally unnecessary; rely on platform enforcement rather than manual pre-vetting.

The new section is appended at the end of the file to avoid overlapping with PR #482 (AB#25739271), which edits the intro/capability portion of the same document.

Resolves AB#31658694

Add a "Security best practices for self-updating apps" section to the
non-Store in-app update guidance, covering capability minimization
(don't declare packageManagement/packageQuery unless managing other
publishers' packages), the same-publisher enforcement that acts as a
safety net, protecting a persisted update source, and why manually
pre-verifying an incoming package generally isn't necessary.

Resolves AB#31658694

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 83848bc:

✅ Validation status: passed

File Status Preview URL Details
msix-src/non-store-developer-updates.md ✅Succeeded

For more details, please refer to the build report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant