The security model of Firefox OS

In Firefox OS, each application runs in an iframe with superpowers; hence, apps that run on Gecko run on a separate process that is a child process of the B2G system process. Due to this, a malicious application cannot disturb Gaia or other applications. Access to the underlying hardware is available only via the WebAPIs, which themselves are divided into different levels of permissions: Hosted (Web), Privileged, and Certified.

Each Firefox OS application has a manifest file that contains the details of the application. The developer has to declare the permissions for the use of the WebAPIs in the manifest file. Every application that runs in Firefox OS runs in a sandboxed environment. This means that the data generated by the application is sandboxed as well, and hence the data of one application cannot be accessed by another application. The following illustration will help you grasp the preceding discussion of application sandboxing:

Even permissions from different websites are sandboxed on Firefox OS. For example, if an application uses OAuth to authenticate its users, then another app which uses a similar OAuth mechanism will ask for the login credentials again, even when you have used the login credentials in one application. This is because both applications are running in different sandboxes separately from one another, and the cookies of one application cannot be accessed by another application.

Don't worry if the concepts of the manifest file and the permissions levels are not clear yet; we will cover these topics in depth in Chapter 3, Getting Your Hands Dirty: Firefox OS Apps. Right now, you can just think of them as features that contribute to the application security in Firefox OS.

Firefox OS pays great attention to the user's data security as well. There is a setting called Do Not Track that helps to protect a user's privacy when browsing the Internet. The apps run in a sandboxed mode as described earlier, and once a user uninstalls an application, all the data associated with the application, such as cookies, AppCache, Local Storage, and IndexedDB, is also permanently deleted.