diff --git a/tests/apps/schedule.js b/tests/apps/schedule.js
index a5f9acffe..8bf5be65a 100644
--- a/tests/apps/schedule.js
+++ b/tests/apps/schedule.js
@@ -16,7 +16,7 @@
 
 "use strict";
 
-const { short_wait } = require('../utils');
+const { short_wait, run_xfail } = require('../utils');
 
 module.exports = {};
 
@@ -80,29 +80,32 @@ function common({browser, refStr, firstWaitDuration, shouldRepeat}) {
   })
 }
 
-module.exports["Test periodic tasks"] = function(browser) {
-  common({
-    browser,
-    refStr: 'hourly',
-    firstWaitDuration: 60 * 60 * 1000,
-    shouldRepeat: true,
-  })
-}
+if (run_xfail) {
+  // https://github.com/sandstorm-io/sandstorm/issues/3295
+  module.exports["Test periodic tasks"] = function(browser) {
+    common({
+      browser,
+      refStr: 'hourly',
+      firstWaitDuration: 60 * 60 * 1000,
+      shouldRepeat: true,
+    })
+  }
 
-module.exports["Test canceling tasks"] = function(browser) {
-  common({
-    browser,
-    refStr: 'hourly-cancel',
-    firstWaitDuration: 60 * 60 * 1000,
-    shouldRepeat: false,
-  })
-}
+  module.exports["Test canceling tasks"] = function(browser) {
+    common({
+      browser,
+      refStr: 'hourly-cancel',
+      firstWaitDuration: 60 * 60 * 1000,
+      shouldRepeat: false,
+    })
+  }
 
-module.exports["Test one-shot tasks"] = function(browser) {
-  common({
-    browser,
-    refStr: 'oneshot',
-    firstWaitDuration: 5 * 60 * 1000,
-    shouldRepeat: false,
-  })
+  module.exports["Test one-shot tasks"] = function(browser) {
+    common({
+      browser,
+      refStr: 'oneshot',
+      firstWaitDuration: 5 * 60 * 1000,
+      shouldRepeat: false,
+    })
+  }
 }
diff --git a/tests/tests/account.js b/tests/tests/account.js
index 538221d53..c6b333738 100644
--- a/tests/tests/account.js
+++ b/tests/tests/account.js
@@ -27,95 +27,98 @@ var utils = require('../utils'),
 var path = require('path');
 var assetsPath = path.resolve(__dirname, '../assets');
 
-module.exports["Test link credentials"] = function (browser) {
-  // Prepend 'A' so that the default handle is valid.
-  var devName1 = "A" + crypto.randomBytes(10).toString("hex");
-  var devName2 = "A" + crypto.randomBytes(10).toString("hex");
-  var devName3 = "A" + crypto.randomBytes(10).toString("hex");
-  var devCredentialId1 = crypto.createHash("sha256").update("dev:" + devName1).digest("hex");
-  var devCredentialId3 = crypto.createHash("sha256").update("dev:" + devName3).digest("hex");
-  browser
-    .init()
+if (run_xfail) {
+  // https://github.com/sandstorm-io/sandstorm/issues/3239
+  module.exports["Test link credentials"] = function (browser) {
+    // Prepend 'A' so that the default handle is valid.
+    var devName1 = "A" + crypto.randomBytes(10).toString("hex");
+    var devName2 = "A" + crypto.randomBytes(10).toString("hex");
+    var devName3 = "A" + crypto.randomBytes(10).toString("hex");
+    var devCredentialId1 = crypto.createHash("sha256").update("dev:" + devName1).digest("hex");
+    var devCredentialId3 = crypto.createHash("sha256").update("dev:" + devName3).digest("hex");
+    browser
+      .init()
 
-    // Upgrade a demo account to a real account by linking an credential.
-    .url(browser.launch_url + "/demo")
-    .disableGuidedTour()
-    .waitForElementVisible(".demo-startup-modal .start", medium_wait)
-    .click(".demo-startup-modal .start")
-    .disableGuidedTour()
-    .waitForElementPresent(".main-content>.app-list", medium_wait)
-    .click(".login>button.show-popup")
-    .waitForElementVisible(".login-buttons-list", short_wait)
-    .click(".login-buttons-list button.dev")
-    .waitForElementVisible("input[name=name]", short_wait)
-    .setValue("input[name=name]", devName1)
-    .submitForm(".login-buttons-list form.dev")
-    .waitForElementVisible("form.account-profile-editor", short_wait) // confirm profile
-    // Profile defaulted to new credential's name, not "Demo User".
-    .assert.attributeContains("form.account-profile-editor input[name=nameInput]", "value", devName1)
-    .submitForm("form.account-profile-editor")
-    .execute(function () { return Meteor.user().profile.identicon; }, [], function (response) {
-      // The identicon ID is based on the credential ID.
-      browser.assert.equal(response.value, devCredentialId1);
-    })
-    .execute("window.Meteor.logout()")
+      // Upgrade a demo account to a real account by linking an credential.
+      .url(browser.launch_url + "/demo")
+      .disableGuidedTour()
+      .waitForElementVisible(".demo-startup-modal .start", medium_wait)
+      .click(".demo-startup-modal .start")
+      .disableGuidedTour()
+      .waitForElementPresent(".main-content>.app-list", medium_wait)
+      .click(".login>button.show-popup")
+      .waitForElementVisible(".login-buttons-list", short_wait)
+      .click(".login-buttons-list button.dev")
+      .waitForElementVisible("input[name=name]", short_wait)
+      .setValue("input[name=name]", devName1)
+      .submitForm(".login-buttons-list form.dev")
+      .waitForElementVisible("form.account-profile-editor", short_wait) // confirm profile
+      // Profile defaulted to new credential's name, not "Demo User".
+      .assert.attributeContains("form.account-profile-editor input[name=nameInput]", "value", devName1)
+      .submitForm("form.account-profile-editor")
+      .execute(function () { return Meteor.user().profile.identicon; }, [], function (response) {
+        // The identicon ID is based on the credential ID.
+        browser.assert.equal(response.value, devCredentialId1);
+      })
+      .execute("window.Meteor.logout()")
 
-    // Linking the first credential to a new account should fail.
-    .loginDevAccount(devName2)
-    .url(browser.launch_url + "/account")
-    .waitForElementVisible("button.link-new-credential", short_wait)
-    .click("button.link-new-credential")
-    .waitForElementVisible(".login-buttons-list button.dev", short_wait)
-    .click(".login-buttons-list button.dev")
-    .waitForElementVisible("input[name=name]", short_wait)
-    .setValue("input[name=name]", devName1)
-    .submitForm(".login-buttons-list form.dev")
-    .waitForElementPresent(".flash-message.error-message", medium_wait)
-    .assert.containsText(".flash-message.error-message", "Error linking credential")
+      // Linking the first credential to a new account should fail.
+      .loginDevAccount(devName2)
+      .url(browser.launch_url + "/account")
+      .waitForElementVisible("button.link-new-credential", short_wait)
+      .click("button.link-new-credential")
+      .waitForElementVisible(".login-buttons-list button.dev", short_wait)
+      .click(".login-buttons-list button.dev")
+      .waitForElementVisible("input[name=name]", short_wait)
+      .setValue("input[name=name]", devName1)
+      .submitForm(".login-buttons-list form.dev")
+      .waitForElementPresent(".flash-message.error-message", medium_wait)
+      .assert.containsText(".flash-message.error-message", "Error linking credential")
 
-    // Linking a third credential to the second account should succeed.
-    .click("button.link-new-credential")
-    .waitForElementVisible(".login-buttons-list button.dev", short_wait)
-    .click(".login-buttons-list button.dev")
-    .waitForElementVisible("input[name=name]", short_wait)
-    .setValue("input[name=name]", devName3)
-    .submitForm(".login-buttons-list form.dev")
-    .waitForElementVisible(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']",
-                           medium_wait)
-    .click(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']")
-    .waitForElementPresent("input.toggle-login[data-credential-id='" + devCredentialId3 + "']",
-                           short_wait)
-    .assert.elementPresent(
-      "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked")
-    // Set the credential to non-login.
-    .click("input.toggle-login[data-credential-id='" + devCredentialId3 + "']")
-    .waitForElementNotPresent(
-      "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked", short_wait)
-    .execute("window.Meteor.logout()")
+      // Linking a third credential to the second account should succeed.
+      .click("button.link-new-credential")
+      .waitForElementVisible(".login-buttons-list button.dev", short_wait)
+      .click(".login-buttons-list button.dev")
+      .waitForElementVisible("input[name=name]", short_wait)
+      .setValue("input[name=name]", devName3)
+      .submitForm(".login-buttons-list form.dev")
+      .waitForElementVisible(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']",
+                             medium_wait)
+      .click(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']")
+      .waitForElementPresent("input.toggle-login[data-credential-id='" + devCredentialId3 + "']",
+                             short_wait)
+      .assert.elementPresent(
+        "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked")
+      // Set the credential to non-login.
+      .click("input.toggle-login[data-credential-id='" + devCredentialId3 + "']")
+      .waitForElementNotPresent(
+        "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked", short_wait)
+      .execute("window.Meteor.logout()")
 
-    // Linking the third credential to the original account should succeed.
-    //
-    // If we try `loginDevAccount(devName1)`, we get stuck on waiting for the applist to appear,
-    // because our original user is a demo user without a signup key.
-    .execute(function (name) { window.loginDevAccount(name) }, [devName1])
-    .waitForElementVisible(".account>button.show-popup", medium_wait)
-    .url(browser.launch_url + "/account")
-    .waitForElementVisible("button.link-new-credential", short_wait)
-    .click("button.link-new-credential")
-    .waitForElementVisible(".login-buttons-list button.dev", short_wait)
-    .click(".login-buttons-list button.dev")
-    .waitForElementVisible("input[name=name]", short_wait)
-    .setValue("input[name=name]", devName3)
-    .submitForm(".login-buttons-list form.dev")
-    .waitForElementVisible(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']",
-                           medium_wait)
-    .click(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']")
-    // Because it is shared with another account, the credential does not have the ability to login.
-    .assert.elementNotPresent(
-      "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked")
+      // Linking the third credential to the original account should succeed.
+      //
+      // If we try `loginDevAccount(devName1)`, we get stuck on waiting for the applist to appear,
+      // because our original user is a demo user without a signup key.
+      .execute(function (name) { window.loginDevAccount(name) }, [devName1])
+      .waitForElementVisible(".account>button.show-popup", medium_wait)
+      .url(browser.launch_url + "/account")
+      .waitForElementVisible("button.link-new-credential", short_wait)
+      .click("button.link-new-credential")
+      .waitForElementVisible(".login-buttons-list button.dev", short_wait)
+      .click(".login-buttons-list button.dev")
+      .waitForElementVisible("input[name=name]", short_wait)
+      .setValue("input[name=name]", devName3)
+      .submitForm(".login-buttons-list form.dev")
+      .waitForElementVisible(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']",
+                             medium_wait)
+      .click(".credentials-tabs li[data-credential-id='" + devCredentialId3 + "']")
+      // Because it is shared with another account, the credential does not have the ability to login.
+      .assert.elementNotPresent(
+        "input.toggle-login[data-credential-id='" + devCredentialId3 + "']:checked")
 
-    .end();
-};
+      .end();
+  };
+}
 
 module.exports["Test try login with non-login credential"] = function (browser) {
   var otherCredentialName = crypto.randomBytes(10).toString("hex");
diff --git a/tests/tests/appHooks.js b/tests/tests/appHooks.js
index 235700a3b..b5a5159b0 100644
--- a/tests/tests/appHooks.js
+++ b/tests/tests/appHooks.js
@@ -14,42 +14,45 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-const {short_wait, medium_wait, long_wait} = require('../utils');
+const {short_wait, medium_wait, long_wait, run_xfail} = require('../utils');
 
-module.exports['Test saving and restoring capabilities via AppHooks'] = function(browser) {
-  browser
-    .loginDevAccount()
-    .uploadMeteorTestApp()
-    .waitForElementVisible('button.action', medium_wait)
-    .click('button.action')
-    // click the "Got it!" button in the "this is your first grain" popup.
-    // This shadows the debug log so we have to clear it in order to open the
-    // log.
-    .waitForElementVisible(".introjs-skipbutton", short_wait)
-    .click(".introjs-skipbutton")
-    .waitForElementVisible("#openDebugLog", short_wait)
-    // We also want to wait a moment before clicking the debug log button, so the
-    // first grain popup has actually gotten out of our way:
-    .pause(short_wait)
-    .click("#openDebugLog")
-    .waitForElementVisible('.grain-frame', medium_wait)
-    .grainFrame()
-    .execute(function() {
-      Meteor.call('schedule', 'someObjectId')
-    })
-    .frameParent()
-    .pause(short_wait)
-    .execute(function() {
-      Meteor.call("runDueJobsAt", Date.now() + 1000 * 60 * 60);
-    })
-    .pause(short_wait)
-    .windowHandles(windows => browser.switchWindow(windows.value[1]))
-    .assert.containsText(".grainlog-contents > pre", "Running callback: someObjectId")
+if (run_xfail) {
+  // https://github.com/sandstorm-io/sandstorm/issues/3353
+  module.exports['Test saving and restoring capabilities via AppHooks'] = function(browser) {
+    browser
+      .loginDevAccount()
+      .uploadMeteorTestApp()
+      .waitForElementVisible('button.action', medium_wait)
+      .click('button.action')
+      // click the "Got it!" button in the "this is your first grain" popup.
+      // This shadows the debug log so we have to clear it in order to open the
+      // log.
+      .waitForElementVisible(".introjs-skipbutton", short_wait)
+      .click(".introjs-skipbutton")
+      .waitForElementVisible("#openDebugLog", short_wait)
+      // We also want to wait a moment before clicking the debug log button, so the
+      // first grain popup has actually gotten out of our way:
+      .pause(short_wait)
+      .click("#openDebugLog")
+      .waitForElementVisible('.grain-frame', medium_wait)
+      .grainFrame()
+      .execute(function() {
+        Meteor.call('schedule', 'someObjectId')
+      })
+      .frameParent()
+      .pause(short_wait)
+      .execute(function() {
+        Meteor.call("runDueJobsAt", Date.now() + 1000 * 60 * 60);
+      })
+      .pause(short_wait)
+      .windowHandles(windows => browser.switchWindow(windows.value[1]))
+      .assert.containsText(".grainlog-contents > pre", "Running callback: someObjectId")
 
-    // Close the grain log and switch back to the main window, to avoid
-    // confusing future tests:
-    browser.windowHandles(windows => {
-      browser.closeWindow()
-      browser.switchWindow(windows.value[0])
-    })
+      // Close the grain log and switch back to the main window, to avoid
+      // confusing future tests:
+      browser.windowHandles(windows => {
+        browser.closeWindow()
+        browser.switchWindow(windows.value[0])
+      })
+  }
 }