[Prev] Thread [Next]  |  [Prev] Date [Next]

[android-discuss] Secure Distribution of "Company" Apps MikeG Wed Feb 29 17:00:17 2012

I work for a company that wants to deliver apps to its users to their
personal mobile devices; without letting the devices behind the
firewall.  Solution is to put up a web distribution point in the DMZ
and require folks to log in with their domain (or whatever) account.
After much much testing we find that this is not possible with a stock
Android phone.  Amazingly, using the stock browser you can
authenticate to a web server for the standard "web" mime types, htm,
xml, txt, pdf, etc, but - and this has to be an oversight - you cannot
authenticate for an .apk file.  Yes the mime-type is set on the
server, you can d/l .apk anonymously no problem.  You can even install
Firefox on your device and d/l the authenticated file.  Still - this
inability to authenticate an apk from the default browsers surely is a
mistake, right?  Or maybe I am missing something obvious..

So, since this appears not to be a core capability of the phone, how
do you distribute a sensitive app to your company in a secure manner
that does not involve a public market, a USB cable or installing a
more capable browser on your Android Device. We have not tested with
an ICS device yet, but even if it works, there are millions of pre-ICS
devices that apparently have this same limitation.

Looking for ideas on Secure App Distribution.

You received this message because you are subscribed to the Google Groups 
"Android Discuss" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at