Authenticated downloads


The Ubuntu Software Store is currently split into two: for 14.04 Desktop and older (debian installer based) and for 13.10 phone and newer (click installe based). The explanation here applies to the click store, although they mostly overlap in most things.

The implementation

The Ubuntu Software Store requires all download requests to be authenticated via an oauth token, provided from Ubuntu One (the single sign on service). This applies to all applications, free (as in beer and speech) and proprietary. Canonical's servers will store information about which user has installed what apps.

The rationale

This decision was made to support some core use cases we want to address:

  • Provide users an easy way to re-install all apps they've installed before across devices
  • Provide developers meaningful statistics on the usage of their apps (number of installs over time and different versions, number of active installs, etc)
  • Since the code in the store is not deeply audited, if ever there was a malicious app that got through, Canonical would like a way to contact the affected users

AppStore/Decisions/AuthenticatedDownloads (last edited 2013-10-04 19:17:24 by beuno)