Add-on signing in Firefox for Android

When you install an add-on, Firefox checks that it has been verified or "signed" before proceeding. Unsigned add-ons have not yet been reviewed by Mozilla and might cause security issues. If an add-on is unsigned, Firefox will display a warning message and prevent the add-on from installing.

Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.

Why do add-ons need to be verified?

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. In order to protect you against these attacks, developers must follow security guidelines before Mozilla signs them.

Developers: To learn more about add-on signing guidelines, see Signing and distributing your add-on and Review Policies at Mozilla Developer Network.

Where can I find signed add-ons?

All add-ons hosted on addons.mozilla.org are signed before they are listed.

Add-ons hosted on other sites may or may not be signed by Mozilla. Firefox allows you to install add-ons from other sites, as long as they follow the add-on safety guidelines.

Override add-on signing (advanced users)

You can temporarily override the setting to enforce the add-on signing requirement by changing the preference xpinstall.signatures.required to false in the about:config page. Support is not available for any changes made to these settings so please do this at your own risk. Signing will be mandatory with no override, in Firefox 47 beta and release versions. For details, see this Mozilla blog.

Was this article helpful? Please wait...

These fine people helped write this article: AliceWyman, Tonnes, Joni. You can help too - find out how.