diff --git a/dom/apps/PermissionsTable.jsm b/dom/apps/PermissionsTable.jsm
index b15c8b47305c..81bb80fd7a7f 100644
--- a/dom/apps/PermissionsTable.jsm
+++ b/dom/apps/PermissionsTable.jsm
@@ -668,7 +668,7 @@ this.AllPossiblePermissions = [];
     AllPossiblePermissions.concat(["indexedDB", "offline-app", "pin-app"]);
 })();
 
-this.isExplicitInPermissionsTable = function(aPermName, aIntStatus) {
+this.isExplicitInPermissionsTable = function(aPermName, aIntStatus, aAppKind) {
 
   // Check to see if the 'webapp' is app/privileged/certified.
   let appStatus;
@@ -680,7 +680,7 @@ this.isExplicitInPermissionsTable = function(aPermName, aIntStatus) {
       appStatus = "privileged";
       break;
     default: // If it isn't certified or privileged, it's app
-      appStatus = "app";
+      appStatus = aAppKind == "hosted-trusted" ? "trusted" : "app";
       break;
   }
 
diff --git a/dom/interfaces/apps/mozIApplication.idl b/dom/interfaces/apps/mozIApplication.idl
index 4dfc6e68e07d..0056df3d317d 100644
--- a/dom/interfaces/apps/mozIApplication.idl
+++ b/dom/interfaces/apps/mozIApplication.idl
@@ -11,7 +11,7 @@
  * We expose Gecko-internal helpers related to "web apps" through this
  * sub-interface.
  */
-[scriptable, uuid(1d856b11-ac29-47d3-bd52-a86e3d45fcf4)]
+[scriptable, uuid(1d856b11-ac29-47d3-bd52-a86e3d45fcf5)]
 interface mozIApplication: nsISupports
 {
   /* Return true if this app has |permission|. */
@@ -55,4 +55,7 @@ interface mozIApplication: nsISupports
 
   /* role copied from the manifest */
   readonly attribute DOMString role;
+
+  /* Returns the kind of the app. */
+  readonly attribute DOMString kind;
 };
diff --git a/dom/permission/PermissionSettings.js b/dom/permission/PermissionSettings.js
index a07745ab8dbb..0921554ea2b2 100644
--- a/dom/permission/PermissionSettings.js
+++ b/dom/permission/PermissionSettings.js
@@ -61,10 +61,13 @@ PermissionSettings.prototype = {
                                   aBrowserFlag) {
     debug("isExplicit: " + aPermName + ", " + aManifestURL + ", " + aOrigin);
     let uri = Services.io.newURI(aOrigin, null, null);
-    let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
-    let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
+    let app = appsService.getAppByManifestURL(aManifestURL);
+    let principal = Services.scriptSecurityManager
+      .getAppCodebasePrincipal(uri, app.localId, aBrowserFlag);
 
-    return isExplicitInPermissionsTable(aPermName, principal.appStatus);
+    return isExplicitInPermissionsTable(aPermName,
+                                        principal.appStatus,
+                                        app.kind);
   },
 
   set: function set(aPermName, aPermValue, aManifestURL, aOrigin,