Downloading apk

Richard Gaskin ambassador at fourthworld.com
Tue Jul 23 13:43:01 EDT 2019


J. Landman Gay wrote:

 > On July 20, 2019 2:36:07 PM Richard Gaskin via use-livecode
 > <use-livecode at lists.runrev.com> wrote:
 >
 >> J. Landman Gay wrote:
 >>
 >>> I'll just direct the user to the web site where
 >>> they can click a link and it installs.
 >>
 >> Wouldn't that require instructing end-users to first turn off
 >> critical security features in Android?
 >
 > Kind of, sometimes. There is already a message on the web site that
 > users need to enable "Unknown Sources" in order to download. But it
 > does vary by OS. On Android 9 the OS puts up a dialog asking if you
 > want to download and stores your preference per app for future
 > updates. On earlier versions of the OS they need to go into system
 > settings.
 >
 > In any case, users will not be the general public and will be
 > expecting a private download for a specific purpose. After the app is
 > downloaded, they can turn off Unknown Sources if they like. Also,
 > Android's built-in malware scanning works regardless of the system
 > setting, so not all security features are turned off.


If it's a very small audience comprised of security professionals or 
advanced developers who have the background to appreciate the 
implications of turning off that security feature, it may be no problem.

Security is built around belt-AND-suspenders for good reason; each layer 
has its own strengths, and its own weaknesses.

If no other means of distributing this module is possible, perhaps at a 
minimum the page could include a notice in large, bold, red type 
reminding them to turn the security feature back on immediately after 
downloading.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com




More information about the use-livecode mailing list