locked
Will apps that load (signed) app extension code from the web pass the app store certification? RRS feed

  • Question

  • To submit extensions of my app I am thinking of dynamically loading script files from the web into the app. The user has to sign on for that to happen first and he can always see the source code of the script that is beeing downloaded. Kind of Firefox Greasemonkey oder Google Chrome extensions.

    However I can imagine that such kind of behaviour would be considered insecure by the security review process before an app gets into the appstore. The appverifier though, did not complain about such code.

    Any thoughts on that?

    Saturday, February 25, 2012 1:15 PM

All replies

  • Hi Phil_ke,

    Each app submitted will be reviewed based on its individual merits prior to becoming available in the Windows Store.  The details on the app certification requirements can be found on the page below.  We recommend that you test your app using the Windows App Certification Kit to provide you with information to determine the likelihood that it would pass certification but this does not guarantee that an app will pass.  

    http://msdn.microsoft.com/en-us/library/windows/apps/hh694083

    Thanks,

    Dawn

    Thursday, March 8, 2012 12:21 AM
    Moderator
  • The WACK does not fail when I test my app. I also see that the Bing Maps Metro SDK loads modules code from the web, so it seems to be ok to load additional code from the web (even without the users consent).

    I really hope we can use this to make our apps easily extendable.

    Thursday, March 8, 2012 11:07 AM