Not gonna fly in any enterprise environment I know. It all has to happen OTA.
On Mon, Jul 16, 2012 at 12:46 PM, Tim <[email protected]> wrote: > Sorry, are you saying an enterprise IT department couldn't use ADB to > provision the device prior to giving it out? > > This might not work so well in BOYD, but if you wanted the enterprise app, > hand it over to IT, let them enable ADB/install and disable ADB? > > -Tim Strazzere > > > > On Mon, Jul 16, 2012 at 12:39 PM, Jeff Enderwick <[email protected] > > wrote: > >> Enterprise is typically devices from N carriers, no adb. User allows >> side-loading via settings. >> >> >> On Mon, Jul 16, 2012 at 12:10 PM, Tim <[email protected]> wrote: >> >>> All the source is there, you could use the package manager to push an >>> application and forward lock it via ADB. Secondly, if you control the >>> device and it's OS (can have a system signer) you could implement this via >>> an application via the install_packages permission. >>> >>> That's the beauty of this being open source ;) >>> >>> -Tim Strazzere >>> >>> >>> >>> On Mon, Jul 16, 2012 at 12:07 PM, Jeff Enderwick < >>> [email protected]> wrote: >>> >>>> And also what kind of key this is. For example, if there is a >>>> per-device public key, it would be nice from an enterprise POV to be able >>>> to use this same feature for enterprise/side-loaded apps. >>>> >>>> >>>> On Mon, Jul 16, 2012 at 11:08 AM, Dru <[email protected]> wrote: >>>> >>>>> Thanks for the extra info Nikolay. Has anyone found where the key is >>>>> stored as that seems pivotal to the entire security. Also, it seems the >>>>> protection will fall apart on a rooted device where the package can be >>>>> easily repackaged without the encryption and then redistributed. >>>>> >>>>> On Sunday, July 15, 2012 7:30:17 AM UTC-7, Nikolay Elenkov wrote: >>>>> >>>>>> On Fri, Jul 6, 2012 at 7:24 PM, Kevin Chadwick wrote: >>>>>> >> > on the device. The actual APK saved on disk is not encrypted, so >>>>>> it works >>>>>> >> > just >>>>>> >> > as before and no keys are saved on the device. This certainly >>>>>> does >>>>>> >> > not stop anyone with a rooted devices from pulling the APK from >>>>>> the device. >>>>>> > >>>>>> >>>>>> Now that JB source is out, it turns out there is one more piece to >>>>>> the puzzle >>>>>> -- forward locking. If the 'forward lock' flag is set, an encrypted >>>>>> EXT4 container will be built for the app, and the app itself will be >>>>>> split into a >>>>>> public part (resource) readable by everyone and a private part (the >>>>>> actual APK), >>>>>> readable only by root. The whole thing is loopback mounted under >>>>>> /mnt/asec/package.name, just as it was done for apps moved to the SD >>>>>> card. >>>>>> So paid apps (or apps you installed via adb with the -l option) are >>>>>> indeed >>>>>> encrypted with a device-specific key when stored on the device. Which >>>>>> makes >>>>>> it slightly harder to pull the apk and will probably confuse some >>>>>> backup apps. >>>>>> adb backup seems to filter out forward-locked apks, so you only get >>>>>> the >>>>>> preferences and data files in the backup. >>>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Android Security Discussions" group. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msg/android-security-discuss/-/Gc2Ogo85-mkJ >>>>> . >>>>> >>>>> To post to this group, send email to >>>>> [email protected]. >>>>> To unsubscribe from this group, send email to >>>>> [email protected]. >>>>> For more options, visit this group at >>>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>>> >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Android Security Discussions" group. >>>> To post to this group, send email to >>>> [email protected]. >>>> To unsubscribe from this group, send email to >>>> [email protected]. >>>> For more options, visit this group at >>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>> >>> >>> >> > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
