App Store Proof of Concept
Walt Miner
Introduction
- Purpose of the Application Store API
- Enable an end user application store for a curated list of applications
- Provide a user experience matching or exceeding a mobile app store experience
- Establish and maintain required API patterns for root of trust
- Directly support embedded Linux use cases
- Scope and objectives
- API to enable querying and selecting applications from cloud service
- API to enable viewing and publishing end user reviews on an application
- Cloud side parameters control end user context
- What apps are available
- What features are enabled for device
- API is agnostic to this configuration
2. System Architecture
- Overview of the architecture, including components and their interactions
- Flow chart of application review and submission
- Flow chart of application catalog browsing
- Flow chart of application installation
- Flow chart of device login
- Passing SKU, SN, etc to cloud determines available server context
- Root of trust oveview
- flatpak signing
- key revoke process
- Filesystem sandbox
- White/Black listing of system calls
- Relationship with crosvm, Flutter, flatpak, and other technologies
- crosvm control by Flutter Embedder
- native platform plugin directly controls a crosvm instance
- Flutter example using store plugin from Toyota vNext embedder
- Secret storage
- Data flow between components
- Flutter to store plugin
- store plugin control of crosvm
- secret storage I/O with plugin
- DRM protected playback flow
3. Key Features
- Root of trust for apps and transactions
- Distribution of 1st/3rd party apps as flatpaks
- App statistics reporting to the cloud
- End-user rating system
- Support for micro/macro transactions
- Crosvm control via Dart and rendering to Surface or Texture
- Support for various application types (Flutter, Native Linux, Android)
4. Cloud Service
- Utilization of protobuf/nanopb API
- Services offered, including:
- App/Service Availability
- Catalog of available services and applications
- Ratings & Reviews
- View reviews for all available applications
- Allow submission of review on any installed applications
- Statistic Reporting
- Reports usage reports as part of store login sequence
- Upgrade
- Mandatory updates
- Controls existing app lifecycle and update flatpak
- key revoke/update
- CVE patch
- Voluntary updates
- Controls existing app lifecycle and update flatpak
5. Store API
- Integrated support for various transactions
- Activities, including:
- Get Available Apps
- Download App
- Validate App Bundle
- Upgrade App Bundle
- List Installed Apps
- Send App Ratings
- Micro Transactions (Purchase)
6. Protocols and APIs
- Details about the protocols and APIs used, such as protobuf/nanopb
7. Links and References
8. Dependencies
- Dependencies on external libraries, frameworks, or services
9. Security Considerations
- Measures taken to ensure the security of the application store and its transactions
10. Testing
- Testing methodologies, including unit testing, integration testing, and any other relevant testing approaches
11. Deployment
- Instructions for deploying the Application Store v0.1 Plugin
12. Future Enhancements
- APK runtime support - AOSP compatibility
{"serverDuration": 43, "requestCorrelationId": "d45fad32309c4248bc56a70181f2a4ce"}