-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 i dont have seen any enterprise enviroment either but wouldnt be the best to provide an own market app with own repo for all the apps?
greetings On 2012-07-16 21:53, Tim wrote: > So the environments would let users install via side loading (which > isn't OTA either), but not via adb pm install? That seems odd. > > Though if that's the requirement, it would seem those environments > would be SOL. > > -Tim Strazzere > > > On Mon, Jul 16, 2012 at 12:49 PM, Jeff Enderwick > <[email protected]>wrote: > >> Not gonna fly in any enterprise environment I know. It all has to >> happen OTA. >> >> >> On Mon, Jul 16, 2012 at 12:46 PM, Tim <[email protected]> wrote: >> >>> Sorry, are you saying an enterprise IT department couldn't use >>> ADB to provision the device prior to giving it out? >>> >>> This might not work so well in BOYD, but if you wanted the >>> enterprise app, hand it over to IT, let them enable ADB/install >>> and disable ADB? >>> >>> -Tim Strazzere >>> >>> >>> >>> On Mon, Jul 16, 2012 at 12:39 PM, Jeff Enderwick < >>> [email protected]> wrote: >>> >>>> Enterprise is typically devices from N carriers, no adb. User >>>> allows side-loading via settings. >>>> >>>> >>>> On Mon, Jul 16, 2012 at 12:10 PM, Tim <[email protected]> >>>> wrote: >>>> >>>>> All the source is there, you could use the package manager >>>>> to push an application and forward lock it via ADB. >>>>> Secondly, if you control the device and it's OS (can have a >>>>> system signer) you could implement this via an application >>>>> via the install_packages permission. >>>>> >>>>> That's the beauty of this being open source ;) >>>>> >>>>> -Tim Strazzere >>>>> >>>>> >>>>> >>>>> On Mon, Jul 16, 2012 at 12:07 PM, Jeff Enderwick < >>>>> [email protected]> wrote: >>>>> >>>>>> And also what kind of key this is. For example, if there >>>>>> is a per-device public key, it would be nice from an >>>>>> enterprise POV to be able to use this same feature for >>>>>> enterprise/side-loaded apps. >>>>>> >>>>>> >>>>>> On Mon, Jul 16, 2012 at 11:08 AM, Dru >>>>>> <[email protected]> wrote: >>>>>> >>>>>>> Thanks for the extra info Nikolay. Has anyone found >>>>>>> where the key is stored as that seems pivotal to the >>>>>>> entire security. Also, it seems the protection will >>>>>>> fall apart on a rooted device where the package can be >>>>>>> easily repackaged without the encryption and then >>>>>>> redistributed. >>>>>>> >>>>>>> On Sunday, July 15, 2012 7:30:17 AM UTC-7, Nikolay >>>>>>> Elenkov wrote: >>>>>>> >>>>>>>> On Fri, Jul 6, 2012 at 7:24 PM, Kevin Chadwick >>>>>>>> wrote: >>>>>>>>>>> on the device. The actual APK saved on disk is >>>>>>>>>>> not encrypted, >>>>>>>> so it works >>>>>>>>>>> just as before and no keys are saved on the >>>>>>>>>>> device. This certainly >>>>>>>> does >>>>>>>>>>> not stop anyone with a rooted devices from >>>>>>>>>>> pulling the APK from >>>>>>>> the device. >>>>>>>>> >>>>>>>> >>>>>>>> Now that JB source is out, it turns out there is one >>>>>>>> more piece to the puzzle -- forward locking. If the >>>>>>>> 'forward lock' flag is set, an encrypted EXT4 >>>>>>>> container will be built for the app, and the app >>>>>>>> itself will be split into a public part (resource) >>>>>>>> readable by everyone and a private part (the actual >>>>>>>> APK), readable only by root. The whole thing is >>>>>>>> loopback mounted under /mnt/asec/package.name, just >>>>>>>> as it was done for apps moved to the SD card. So paid >>>>>>>> apps (or apps you installed via adb with the -l >>>>>>>> option) are indeed encrypted with a device-specific >>>>>>>> key when stored on the device. Which makes it >>>>>>>> slightly harder to pull the apk and will probably >>>>>>>> confuse some backup apps. adb backup seems to filter >>>>>>>> out forward-locked apks, so you only get the >>>>>>>> preferences and data files in the backup. >>>>>>>> >>>>>>> -- You received this message because you are subscribed >>>>>>> to the Google Groups "Android Security Discussions" >>>>>>> group. To view this discussion on the web visit >>>>>>> https://groups.google.com/d/msg/android-security-discuss/-/Gc2Ogo85-mkJ >>>>>>> >>>>>>> . >>>>>>> >>>>>>> To post to this group, send email to >>>>>>> [email protected]. To >>>>>>> unsubscribe from this group, send email to >>>>>>> [email protected]. >>>>>>> For more options, visit this group at >>>>>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>>>>> >>>>>> >>>>>> >>>>>>> - -- >>>>>> You received this message because you are subscribed to >>>>>> the Google Groups "Android Security Discussions" group. >>>>>> To post to this group, send email to >>>>>> [email protected]. To unsubscribe >>>>>> from this group, send email to >>>>>> [email protected]. >>>>>> For more options, visit this group at >>>>>> http://groups.google.com/group/android-security-discuss?hl=en. >>>>>> >>>>> >>>>> >>>> >>> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJQBHIGAAoJEAhgHfpCPcybNhIH/325jWEb53qTksWJbWfaWUeg AOOT2YWWf8rNDkGzqSpEb30d0juLfbHZQ0u3DADQby52ghN7c0uElinQRluxqKra SnjXtpF3JhvAnleMW+NrTESI5R4qV+vztaVs5I3+iex26PQ1yXJ/E6i7aOBxZI+3 +ih7gLxJwmtj0eXvjjefZqctagXDTkRcQv68ckZ8gj+HOCS4BAJaoLb5SGPhV75u vgJC94mYU+0KAkuioSmsJUMFTRwLC5E2+ORmEuAWMCr0fSAvUUiOyMqHb6/gFmRc 7eKzYnWy3BMXYMnQtdUl3VnDD2+XNofqS4OsNNSW0QTbE1dOtaDB1dRnF9gpKRQ= =FLW+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
