This document is a working draft - it is not final. Do not rely on this document to be correct, consistent or stable.
This page relates to Add-ons for FirefoxOS. See AMO Review Policy for Add-ons for desktop Firefox and Firefox for Android.
This article describes the set of requirements an add-on must meet to be distributed through the Firefox Marketplace. These requirements are designed to balance the needs of both developers and users of add-ons from the Firefox Marketplace. Developers want fair, consistent, non-draconian requirements that they can trust to build a business on. On the other hand, users want assurance that add-ons are safe, will work on their device, and that the add-on will do what it says it'll do. The add-on requirements below aim for the delicate balance between these needs.
Because of the greater power add-ons have compared to other Marketplace content like webapps, the security and reliability bar is placed higher: we will choose to protect users' safety and experience over developers' ease of development or monetization.
Here are Mozilla's expectations of what add-on review is and is not:
- Criteria will be applied in a fair, compassionate, and consistent manner. The add-on review process is not intended to be a gatekeeper, but rather a trusted touch point that provides feedback to help developers be more successful.
- Reviewers are not a QA team! During the review process, someone will inspect the add-on's source code and spend a few minutes using the features the add-on provides as a normal user would.
- If an add-on fails review, the developer will be given a clear explanation of the problems found, steps to reproduce, and where possible, the reviewer should point the developer in the right direction by providing links to relevant supporting documentation or making recommendations on what changes need to be made.
- We always give developers the benefit of the doubt. If unsure whether an add-on should be rejected, reviewers will ask questions before issuing a rejection. Add-ons will not be (knowingly) rejected due to platform issues that are outside of the developer's control; however, we may withhold approval if we can't get the add-on to work.
Add-ons on FirefoxOS can run at system level and modify built-in and preloaded system apps. As such, they have significantly more scope for opening up security holes and vulnerabilities than webapps, webpages and add-ons on some other platforms. We expect all add-ons to be secure, not only in their handling of their own data, and of user data, but also in all their interaction with the web and operating system. Specifically, add-ons must not:
- Create or expose security vulnerabilities
- Tamper with the operating system/add-on update code, or blocklisting functions.
- Execute remote code
- Degrade the security of HTTPS sites
- Install additional add-ons or apps without user consent
- Block, interfere with, or make phone calls or SMS without user consent
- Make any remote connections in the system app
Privacy and User Consent
- Regardless of any stated policy, we do expect all add-ons to respect users' choices and their reasonable expectations of privacy.
- Add-ons must not send sensitive data to remote servers unprotected
- The add-on must not prevent access to the add-on manager (settings|Add-ons) or otherwise prevent the user from disabling or uninstalling the add-on.
- Users must not be prevented from reverting changes made by the add-on.
- The add-on must not make unexpected or undisclosed changes to the system, apps or webpages.
- System preferences must not be changed without user consent
- Any add-ons that violate our Content Guidelines below are not allowed. If you think you have an edge case, please ask the review team for clarification, even if the add-on isn’t yet ready to be submitted. We want to help you stay on the right track, rather than invest development time into content that will be rejected.
- Screenshots and descriptions submitted to the Firefox Marketplace must accurately represent the add-on. We recommend at least one screenshot of the add-on in action, so that users can preview what they're actually getting. As some add-ons may make non-visual changes where a screenshot isn't relevant, we don't require one.
- We recommend you include an icon to stand out on Marketplace and in the add-on manager, but this is not a requirement. However, if you provide one it should be relevant to the add-on and not misleading.
This list describes types of content that are inappropriate for the Firefox Marketplace. This list is illustrative, not definitive, and may be updated. If an add-on is found to be in violation of these content guidelines, Mozilla has the right to immediately remove the add-on from the Firefox Marketplace.
- No obscene pornographic materials, or graphic depictions of sexuality or violence.
- No content that infringes anyone’s rights, including intellectual property or other proprietary rights or rights of privacy or publicity.
- No content that is designed to harm Mozilla or users (such as malicious code, viruses, spyware or malware).
- No content that is illegal or promotes illegal activities.
- No content that is deceptive, misleading, fraudulent or is designed to phish or perform other identity theft.
- No content that promotes gambling.
- No content that engages in the advertisement of illegal or controlled products or services.
- No content that exploits children.
- No content that degrades, intimidates, incites violence against, or encourages prejudicial action against someone or a group based on age, gender, race, ethnicity, national origin, religion, sexual orientation, disability, geographic location or other protected category or constitutes hate speech.
- No content that misleads a user into making a purchasing decision.
- The reviewer must be able to perform the add-on's primary advertised features. Cosmetic flaws and minor inconveniences will be reported to the developer, but will not prevent an add-on from being approved.
- The add-on must not compromise system performance or stability.
- Add-ons must not download large amounts of data without the user being aware.
- Changes made by the add-on must not persist after the add-on is disabled or uninstalled
We hope we never have to use it, but we do reserve the right to remove ("blocklist") any published add-on that is later found to violate any security, privacy, or content requirements, or add-ons that seriously degrade system or network performance. Developers will be informed of the situation before an add-on is blocklisted, will be assumed to be a good citizen unless we have specific evidence otherwise, and will receive full assistance from the add-on review team to communicate what's going on and get the problem resolved. Specific examples of situations where blocklisting is warranted include:
- Severe misbehavior of an add-on for a large percentage of users (degrading phone performance, causing reboots, causing user data loss, etc.) where users can't tell that it's because of the add-on and where it isn't solved by rebooting the device.
- An add-on being used for attacks on the network, such as a distributed denial of service (DDoS).
The following resources provide more information on the review process and add-on reviewers: