On Feb 29, 2012 6:23 PM, "MikeG" <[email protected]> wrote: > > I work for a company that wants to deliver apps to its users to their > personal mobile devices; without letting the devices behind the > firewall. Solution is to put up a web distribution point in the DMZ > and require folks to log in with their domain (or whatever) account. > After much much testing we find that this is not possible with a stock > Android phone. Amazingly, using the stock browser you can > authenticate to a web server for the standard "web" mime types, htm, > xml, txt, pdf, etc, but - and this has to be an oversight - you cannot > authenticate for an .apk file. Yes the mime-type is set on the > server, you can d/l .apk anonymously no problem. You can even install > Firefox on your device and d/l the authenticated file. Still - this > inability to authenticate an apk from the default browsers surely is a > mistake, right? Or maybe I am missing something obvious.. >
Sounds about right. The arbitrary restrictions based on file type and what you are describing pretty much reduce stock upload/download etc to a heaping, worthless, steaming pile of it. I do believe this could be carrier imposed on some level, but have never confirmed. I think if you install busy box, or just compile an apk for wget, you should be able to script the necessary download and authentication. > So, since this appears not to be a core capability of the phone, how > do you distribute a sensitive app to your company in a secure manner > that does not involve a public market, a USB cable or installing a > more capable browser on your Android Device. We have not tested with > an ICS device yet, but even if it works, there are millions of pre-ICS > devices that apparently have this same limitation. > > Looking for ideas on Secure App Distribution. > > -- > You received this message because you are subscribed to the Google Groups "Android Discuss" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to [email protected]. > For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en.
