Add-on signing in Firefox for Android

When you install an add-on, Firefox checks that it has been verified or “signed” before proceeding. Unsigned add-ons have not yet been reviewed by Mozilla and might cause security issues. If an add-on is unsigned, Firefox will display a warning message and prevent the add-on from installing.

Add-on signing targets only malware and browser hijacking. It does not control or censor the content that you choose to see.

Why do add-ons need to be verified?

Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. In order to protect you against these attacks, developers must follow security guidelines before Mozilla signs them.

Developers: To learn more about add-on signing guidelines, see Signing and distributing your add-on and Review Policies.

Where can I find signed add-ons?

All add-ons hosted on addons.mozilla.org are signed before they are listed.

Add-ons hosted on other sites may or may not be signed by Mozilla. Firefox allows you to install add-ons from other sites, as long as they follow the add-on safety guidelines.

Override add-on signing (advanced users)

Warning: Changing advanced preferences can affect Firefox's stability and security. This is recommended for advanced users only.
You can override the setting to enforce the add-on signing requirement only in Firefox for Android Nightly. You need to change the preference xpinstall.signatures.required to false in the about:config page. Support is not available for any changes made to these settings, so please do this at your own risk. See the Add-ons/Extension Signing Mozilla Wiki article for more information.

Was this article helpful?

Please wait...

These fine people helped write this article:

Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More