I have an application which runs on an organization's server. I also have a mobile application which the users of the organization can download from the app store.
I want the person managing the application on the server side to be able to select the users and install the mobile application remotely on the user's devices without users having to go to the store to download it.
How do I do this for my iOS app and is it possible to do this for Android apps?
Since it is an enterprise app, the iOS app has to be trusted by Apple for users to use it. I don't want the user to trust the app manually by going to settings.
On Android you can't silently install it. You can download it and attempt to install it, which will prompt the user for permission. To silently install, you'd need to be a system app with the appropriate permission. Which means you'd need rooted devices, which more or less means devices you guys buy and maintain. But if that's a viable path you should check out device ownership policies and the amount of control you have that way.
Just to add to #Gabe, what you can do is have your basic app installed on the device and then request to install further content.
The app has basic authentication (with a Google account) and a Firebase database. After authentication the user is allowed to import user data from PayPal into the Firebase database through the Java SDK for PayPal REST API that I've imported into my app. Could the app be forced to import fake data into the Firebase DB if someone runs it in a rooted environment with a fake SSL certificate, DNS server and PayPal server?
From another answer:
Regarding the security risks for running apps on rooted phones. A very simplistic example would be, if an application caches an authenticated session cookie (or password) in an area in the phone that cannot be generally accessed by the user (on non-rooted phones), then it can be accessed on rooted phones. (Losing a rooted phone can lead to password theft or cookie theft quite easily.)
A not so simplistic example would be an attacker trying to run an application on a rooted phone and using maybe iptables on the Android phone to redirect traffic to a proxy (for an application that cannot generally be proxied).
To protect against these kinds of threats, applications employ root protection mechanisms that result in applications not running on rooted phones or running in a restricted manner on rooted phones.
There are counter applications that try to hide root capability to bypass root detection defense mechanisms. They work at times.
But a really skilled attacker can go up to the level of modifying the source code of the APK and using a modified version of the application to suit his purpose.
Hence the best way for an application is to not rely on the client side for protecting sensitive data or on the integrity of the data received (the source code or the assumption that the application will not work on a rooted phone).
Furthermore, Google itself does not allow using Google Pay on rooted devices. A Google developer discussed the reasons here. It might also be interesting to know how Google detects whether a device is rooted or not by something called SafetyNet.
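The point about not relying on the client for data integrity, as an added example that is not part of the original answer: a backend import handler that trusts the app's payload next to one that takes only a payment identifier and fetches the record itself. All function names and the sample records are hypothetical; `user_email` is assumed to come from a sign-in token the server has already verified.

```python
# Added illustration; all names are hypothetical. PROVIDER_RECORDS is constructed
# sample data standing in for what the payment provider really holds.
PROVIDER_RECORDS = {
    "PAY-001": {"payer": "alice@example.com", "amount": "10.00", "currency": "USD"},
    "PAY-002": {"payer": "bob@example.com", "amount": "25.00", "currency": "USD"},
}

def provider_lookup(payment_id):
    """Stand-in for a server-to-server API call made from the backend itself."""
    record = PROVIDER_RECORDS.get(payment_id)
    return dict(record) if record else None

def import_trusting_client(db, user_email, payload):
    """Weak: stores whatever the (possibly modified) app says it downloaded."""
    row = {k: payload[k] for k in ("payer", "amount", "currency")}
    db[(user_email, payload["payment_id"])] = row
    return row

def import_verified(db, user_email, payload, lookup=provider_lookup):
    """Hardened: the client supplies only an identifier; the server fetches the data."""
    payment_id = payload.get("payment_id")
    if not isinstance(payment_id, str):
        raise ValueError("payment_id missing")
    record = lookup(payment_id)
    if record is None:
        raise LookupError("provider has no such payment")
    if record["payer"] != user_email:
        raise PermissionError("payment belongs to another account")
    db[(user_email, payment_id)] = record
    return record

# Constructed request from an app whose provider traffic was redirected to a fake server.
FORGED = {"payment_id": "PAY-001", "payer": "alice@example.com",
          "amount": "9999.00", "currency": "USD"}

if __name__ == "__main__":
    weak_db, hard_db = {}, {}
    print(import_trusting_client(weak_db, "alice@example.com", FORGED)["amount"])
    print(import_verified(hard_db, "alice@example.com", FORGED)["amount"])
```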
I want to give a mobile device to 10 employees with a Device Administration application installed, which is also connected with a server. I can select the number of employees from the server and I can push the mobile app to the selected employees.
The app should get downloaded and installed without getting the user's permission. Is it possible to achieve? If yes, then please provide me some links and examples. I just want to restrict which apps they can use.
The functionality you're looking for is provided by EMMs (Enterprise Mobility Management). Some examples are AirWatch and MobileIron. Once your devices are provisioned using the EMM, you can force install certain apps silently, enforce VPNs, security restrictions, track location and usage, lock the phone, and wipe data.
https://www.mobileiron.com/
http://www.air-watch.com/
I have the following requirement for a client; could you advise me on the correct direction?
The client wants an Android device which is fully controlled by device remote admin features, where I need to accomplish the following features.
Lock Play store so users cannot install apps
User accesses certain apps at certain times of the day
User should be able to use the phone only a specific.
All these parameters can be changed from a remote admin panel.
Could you provide me with some article or something which helps me do that?
I see this : http://developer.android.com/guide/topics/admin/device-admin.html
There is plenty of software on Google Play which can be used to locate your phone when it is lost/stolen. There is a daemon running on the phone and you contact that daemon through the internet over a web site.
There are two ways of doing this. The daemon can send the details like IP to a server periodically and the server can use those details to contact the phone. But this approach has a higher overhead.
Instead there should be another way to do this. In Google Play (earlier Market) a user can select an application and the device using the web interface, and the relevant software is automatically downloaded to the phone which is properly configured with the same Google account. How do I mimic this behaviour with a custom application?
As an example, I am trying to develop an Android application that can associate with a Google account, and then I should be able to connect to the phone over a web site given the Google credentials.
You usually don't want your app to be a daemon, as those eat batteries. Instead implement this with C2DM. When the app first launches, it registers with the website; later, when the owner wants to locate his/her/its phone, they log in to said website, click the "find my phone" button, a "wherefore art thou" notification is sent to the phone, which does an HTTP POST to the website with its GPS location. The website shows it, or emails it, to the owner, who then rolls with the posse.
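The register / notify / report exchange described in the answer above, as an added example that is not part of the original answer: it simulates the website and the phone in one process, with the push transport replaced by a direct function call. The per-device key, the nonce in the push message and the HMAC on the location POST are assumptions added here so the site can reject forged or replayed reports; all names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets

class Website:
    """Server side of the locate flow (added illustration, hypothetical names)."""
    def __init__(self):
        self.device_keys = {}  # device_id -> secret issued at registration
        self.pending = {}      # device_id -> nonce of the outstanding locate request
        self.locations = {}    # device_id -> last accepted (lat, lon)

    def register(self, device_id):
        """First app launch: issue a per-device secret the phone stores."""
        key = secrets.token_bytes(32)
        self.device_keys[device_id] = key
        return key

    def request_location(self, device_id):
        """Owner clicked 'find my phone': build the push message with a fresh nonce."""
        nonce = secrets.token_hex(16)
        self.pending[device_id] = nonce
        return {"type": "locate", "nonce": nonce}

    def receive_report(self, device_id, body, tag):
        """Handler for the phone's HTTP POST; each nonce is accepted once."""
        key = self.device_keys.get(device_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False  # not produced with this device's key
        report = json.loads(body)  # parsed only after the MAC check passed
        nonce = self.pending.get(device_id)
        if nonce is None or report.get("nonce") != nonce:
            return False  # unsolicited or replayed report
        del self.pending[device_id]
        self.locations[device_id] = (report["lat"], report["lon"])
        return True

def phone_build_report(key, push, lat, lon):
    """Phone side: answer the push with a MAC-protected location body."""
    body = json.dumps({"nonce": push["nonce"], "lat": lat, "lon": lon},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()
```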
Can an application be remotely uninstalled/deleted?
We cannot uninstall an application without user intervention, therefore uninstalling/deleting an application remotely is not possible.
This is actually possible but you cannot do it. Only Google can (to remove malware downloaded from the Market I guess).
If you want controls like a remote wipe of data/encryption though, read about Device Admin.