Enterprise is typically devices from N carriers, no adb. User allows side-loading via settings.
On Mon, Jul 16, 2012 at 12:10 PM, Tim <[email protected]> wrote: > All the source is there, you could use the package manager to push an > application and forward lock it via ADB. Secondly, if you control the > device and it's OS (can have a system signer) you could implement this via > an application via the install_packages permission. > > That's the beauty of this being open source ;) > > -Tim Strazzere > > > > On Mon, Jul 16, 2012 at 12:07 PM, Jeff Enderwick <[email protected] > > wrote: > >> And also what kind of key this is. For example, if there is a per-device >> public key, it would be nice from an enterprise POV to be able to use this >> same feature for enterprise/side-loaded apps. >> >> >> On Mon, Jul 16, 2012 at 11:08 AM, Dru <[email protected]> wrote: >> >>> Thanks for the extra info Nikolay. Has anyone found where the key is >>> stored as that seems pivotal to the entire security. Also, it seems the >>> protection will fall apart on a rooted device where the package can be >>> easily repackaged without the encryption and then redistributed. >>> >>> On Sunday, July 15, 2012 7:30:17 AM UTC-7, Nikolay Elenkov wrote: >>> >>>> On Fri, Jul 6, 2012 at 7:24 PM, Kevin Chadwick wrote: >>>> >> > on the device. The actual APK saved on disk is not encrypted, so >>>> it works >>>> >> > just >>>> >> > as before and no keys are saved on the device. This certainly does >>>> >> > not stop anyone with a rooted devices from pulling the APK from >>>> the device. >>>> > >>>> >>>> Now that JB source is out, it turns out there is one more piece to the >>>> puzzle >>>> -- forward locking. If the 'forward lock' flag is set, an encrypted >>>> EXT4 container will be built for the app, and the app itself will be >>>> split into a >>>> public part (resource) readable by everyone and a private part (the >>>> actual APK), >>>> readable only by root. The whole thing is loopback mounted under >>>> /mnt/asec/package.name, just as it was done for apps moved to the SD >>>> card. >>>> So paid apps (or apps you installed via adb with the -l option) are >>>> indeed >>>> encrypted with a device-specific key when stored on the device. Which >>>> makes >>>> it slightly harder to pull the apk and will probably confuse some >>>> backup apps. >>>> adb backup seems to filter out forward-locked apks, so you only get the >>>> preferences and data files in the backup. >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Android Security Discussions" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/android-security-discuss/-/Gc2Ogo85-mkJ. >>> >>> To post to this group, send email to >>> [email protected]. >>> To unsubscribe from this group, send email to >>> [email protected]. >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >>> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
