I'm not sure about that - I have one app that I loaded from a website without any changes to the default iOS security posture. It was not approved for the App Store because it broke a couple of video API rules.
That doesn't sound easy. How did you manage that on iOS?
So your normal, everyday user can't go into their iPhone settings and allow the installation of 3rd party apps. Thanks for the clarification as the article appeared to suggest otherwise.
From DED's original article:
"When a developer deploys apps through Apple's App Store, the app is "signed" or encrypted by the developer's private key. Under iOS, there's no way to turn this off unless users purposely "jailbreak" the security system, a process that exploits an existing vulnerability in order to turn off the system's verification of app signatures."
and later:
"Enterprise users may want to distribute a custom app to only their own employees, rather than making it available in the App Store. For these users, Apple has made it possible to effectively sideload iOS apps along with a provisioning profile that vouches for the app."
I'm not sure about that - I have one app that I loaded from a website without any changes to the default iOS security posture. It was not approved for the App Store because it broke a couple of video API rules.
That doesn't sound easy. How did you manage that on iOS?
I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
I was curious because as a developer myself, I could not just email you my app and expect you to be able to run it as you would need a distribution certificate from me which matched the signature of my app. Obviously, if the website you used was a corporate one for which you also had a corresponding distribution certificate I can understand it but otherwise, as a 'joe public' user, it would not be easy. You also say that it was not approved as it broke a couple of video API rules - given that an enterprise app is not likely to be distributed via the App Store it seems to muddy the waters even more ...
I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
I was curious because as a developer myself, I could not just email you my app and expect you to be able to run it as you would need a distribution certificate from me which matched the signature of my app. Obviously, if the website you used was a corporate one for which you also had a corresponding distribution certificate I can understand it but otherwise, as a 'joe public' user, it would not be easy. You also say that it was not approved as it broke a couple of video API rules - given that an enterprise app is not likely to be distributed via the App Store it seems to muddy the waters even more ...
That was the issue - it was not a corporate site for which I had a distribution certificate - it was a commercial site and a control app for one of their products. At the time the app was under beta testing, and so a limited number of users were invited to test it, but all that was provided to me by the company was the link. Since then the app has been "released", in the sense that that the company advertised the link, but it is still not in the App Store. The video API problem is almost certainly still the reason. I can send you the link if you are interested.
Guys , see how a gadget can prevent Wireluke virus and unknown chargers from Stealing and infecting personal Phone data on Indiegogo in 60 seconds. http://igg.me/at/SpyD-IphoneHack/
Comments
I'm not sure about that - I have one app that I loaded from a website without any changes to the default iOS security posture. It was not approved for the App Store because it broke a couple of video API rules.
That doesn't sound easy. How did you manage that on iOS?
So your normal, everyday user can't go into their iPhone settings and allow the installation of 3rd party apps. Thanks for the clarification as the article appeared to suggest otherwise.
From DED's original article:
"When a developer deploys apps through Apple's App Store, the app is "signed" or encrypted by the developer's private key. Under iOS, there's no way to turn this off unless users purposely "jailbreak" the security system, a process that exploits an existing vulnerability in order to turn off the system's verification of app signatures."
and later:
"Enterprise users may want to distribute a custom app to only their own employees, rather than making it available in the App Store. For these users, Apple has made it possible to effectively sideload iOS apps along with a provisioning profile that vouches for the app."
Seemed crystal clear to me.
I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
I was surprised that it worked at all, but all I did was follow a link to the website and confirm that I wanted to install the app. It's clearly done using the enterprise system, but did not require registering my iOS device.
I was curious because as a developer myself, I could not just email you my app and expect you to be able to run it as you would need a distribution certificate from me which matched the signature of my app. Obviously, if the website you used was a corporate one for which you also had a corresponding distribution certificate I can understand it but otherwise, as a 'joe public' user, it would not be easy. You also say that it was not approved as it broke a couple of video API rules - given that an enterprise app is not likely to be distributed via the App Store it seems to muddy the waters even more ...
That was the issue - it was not a corporate site for which I had a distribution certificate - it was a commercial site and a control app for one of their products. At the time the app was under beta testing, and so a limited number of users were invited to test it, but all that was provided to me by the company was the link. Since then the app has been "released", in the sense that that the company advertised the link, but it is still not in the App Store. The video API problem is almost certainly still the reason. I can send you the link if you are interested.
https://www.us-cert.gov/ncas/alerts/TA14-317A
https://www.us-cert.gov/ncas/alerts/TA14-317A
And given that ~30% of people trust the government, this just reenforces their stupidity.
Thanks for the above given stuffs, its really helpful for all.
http://igg.me/at/SpyD-IphoneHack/