App Store Proof of Concept

1. Introduction

  • Purpose of the Application Store API
    • Enable an end user application store for a curated list of applications
    • Provide a user experience matching or exceeding a mobile app store experience
    • Establish and maintain required API patterns for root of trust
    • Directly support embedded Linux use cases
  • Scope and objectives
    • API to enable querying and selecting applications from cloud service
    • API to enable viewing and publishing end user reviews on an application
    • Cloud side parameters control end user context
      • What apps are available
      • What features are enabled for device
      • API is agnostic to this configuration

2. System Architecture

  • Overview of the architecture, including components and their interactions
    • Flow chart of application review and submission
    • Flow chart of application catalog browsing
    • Flow chart of application installation
      • Flatpak validation
    • Flow chart of device login
      • Passing SKU, SN, etc. to the cloud determines the available server context
    • Root of trust overview
      • flatpak signing
      • key revocation process
    • Filesystem sandbox
    • White/Black listing of system calls
  • Relationship with crosvm, Flutter, flatpak, and other technologies
    • crosvm control by Flutter Embedder
      • native platform plugin directly controls a crosvm instance
    • Flutter example using store plugin from Toyota vNext embedder
    • Secret storage
  • Data flow between components
    • Flutter to store plugin
    • store plugin control of crosvm
    • secret storage I/O with plugin
    • DRM protected playback flow


3. Key Features

  • Root of trust for apps and transactions
  • Distribution of 1st/3rd party apps as flatpaks
  • App statistics reporting to the cloud
  • End-user rating system
  • Support for micro/macro transactions
  • Crosvm control via Dart and rendering to Surface or Texture
  • Support for various application types (Flutter, Native Linux, Android)

4. Cloud Service

  • Utilization of protobuf/nanopb API
  • Services offered, including:
    • App/Service Availability
      • Catalog of available services and applications
    • Ratings & Reviews
      • View reviews for all available applications
      • Allow submission of a review for any installed application
    • Statistic Reporting
      • Sends usage reports as part of the store login sequence
    • Upgrade
      • Mandatory updates
        • Controls the existing app lifecycle and updates the flatpak
        • key revoke/update
        • CVE patch
      • Voluntary updates
        • Controls the existing app lifecycle and updates the flatpak

5. Store API

  • Integrated support for various transactions
  • Activities, including:
    • Get Available Apps
    • Download App
    • Validate App Bundle
    • Upgrade App Bundle
    • List Installed Apps
    • Send App Ratings
    • Micro Transactions (Purchase)

6. Protocols and APIs

  • Details about the protocols and APIs used, such as protobuf/nanopb

7. Links and References

8. Dependencies

  • Dependencies on external libraries, frameworks, or services

9. Security Considerations

  • Measures taken to ensure the security of the application store and its transactions

10. Testing

  • Testing methodologies, including unit testing, integration testing, and any other relevant testing approaches

11. Deployment

  • Instructions for deploying the Application Store v0.1 Plugin

12. Future Enhancements

  • APK runtime support - AOSP compatibility