Hi folks,
I was missing here for different reasons but now I'm back and with some damn good news.
As we all know, KaiOS was derived from Firefox OS, and Firefox OS had an awesome application installation mechanism that allowed to install the app from any trusted website, hence the name of these applications - OWA - Open Web Apps. They were open because they weren't tied to any centralized source. Anyone could publish their apps in their own places, and the way to do this was described here:
https://developer.mozilla.org/en-US/docs/Archive/Mozilla/Marketplace/Options/Self_publishingSo, basically speaking, you have an app with full manifest, you have a mini-manifest, and you have a page invoking the necessary call (
navigator.mozApps.install(manifestURL) for hosted apps or
navigator.mozApps.installPackage(manifestURL) for packaged apps) that references the mini-manifest, performs all necessary checks and installs your app. This is the only correct and documented way of installation ever present in FFOS.
Well, what about KaiOS? Despite the aforementioned API calls are still present and available from Web context (as it should be!) contrary to the undocumented navigator.mozApps.mgmt object, they block all OWA installation from the non-KaiOSTech domains and return
INSTALL_FROM_DENIED error. So, even from the Web context, the only valid installation source would still be KaiStore. But...
It turns out that this behavio(u)r is configurable and there is a special preference (do not confuse preferences with device settings or Android properties) called
apps.serviceCenter.allowedOrigins that
whitelists all the allowed installation sources. Unfortunately, it doesn't support wildcarding - I checked
Webapps.jsm code and it explicitly looks for each root URL (remote or local) to match the app origin. By default, it looks like this:
https://kaios-plus.kaiostech.com,app://kaios-plus.kaiostech.comSo, it points to the Web and app versions of KaiStore. Just to test my theory, I appended a comma and
https://robnyman.github.io/ to this value (in NewMoon's WebIDE), rebooted, went to the
FFOS Boilerplate App page and... installed the app directly from the browser! So, it worked as expected. Normal OWA installer is still here, we just need to create a way of easy editing of this whitelist preference.
Well, there seems to be such a way (provided that
masterExt is
navigator.engmodeExtension or whatever we resolve it to). Read the property we need:
var origins = masterExt.getPrefValue('apps.serviceCenter.allowedOrigins','').split(',')
Append the value we need:
origins.push('https://store.bananahackers.net/')
Now, set the property back:
masterExt.setPrefValue('apps.serviceCenter.allowedOrigins', origins.join(','))
Since the last operation can't be done in KaiOS 2.5.2 for some reasons, we still need either WebIDE or an app with certified permission level to do this every time a new source appears, by directly patching the
prefs.js file in your default Mozilla profile (requires root but perfectly update-safe since it doesn't affect system partition). So, let me introduce the app called
OrigAMI -
Origins of
Application
Marketless
Installation.
Available here:
https://gitlab.com/suborg/origamiThis is just an app for easy editing of the
apps.serviceCenter.allowedOrigins preference. It consists of the editable text area with origins loaded from the property on start. For convenience, each new origin URI is on a new line. You can save the property value with a single click and optionally reboot the phone right away to apply the change.
All this was tested on Nokia 2720 Flip but I'm sure it will work on any jailbroken KaiOS device, at least in privileged mode. The tool itself is released into public domain.
I hope thie discovery will pave a completely new way in how alternative stores for KaiOS can be organized. Have fun!