Loading...

android-discuss@googlegroups.com

[Prev] Thread [Next]  |  [Prev] Date [Next]

[android-discuss] Secure Distribution of "Company" Apps MikeG Wed Feb 29 17:00:17 2012

I work for a company that wants to deliver apps to its users to their
personal mobile devices; without letting the devices behind the
firewall.  Solution is to put up a web distribution point in the DMZ
and require folks to log in with their domain (or whatever) account.
After much much testing we find that this is not possible with a stock
Android phone.  Amazingly, using the stock browser you can
authenticate to a web server for the standard "web" mime types, htm,
xml, txt, pdf, etc, but - and this has to be an oversight - you cannot
authenticate for an .apk file.  Yes the mime-type is set on the
server, you can d/l .apk anonymously no problem.  You can even install
Firefox on your device and d/l the authenticated file.  Still - this
inability to authenticate an apk from the default browsers surely is a
mistake, right?  Or maybe I am missing something obvious..

So, since this appears not to be a core capability of the phone, how
do you distribute a sensitive app to your company in a secure manner
that does not involve a public market, a USB cable or installing a
more capable browser on your Android Device. We have not tested with
an ICS device yet, but even if it works, there are millions of pre-ICS
devices that apparently have this same limitation.

Looking for ideas on Secure App Distribution.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Discuss" group.
To post to this group, send email to [EMAIL PROTECTED]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/android-discuss?hl=en.