How are people handling the distribution for Enterprise apps on WP7?
I have an app that is real basic and only has some static info, but I don't want to put it in the Public Market with the Hidden option enabled because that doesn't seem secure enough. It seems like if there was a way to verify that the user has a company email account setup on the phone on startup that would unlock the app, but I dont think thats possible.
There's currently no features in assisting for enterprise apps. You'll have to verify the authenticity of the user in your application, by requesting credentials, or requiring the application to be on a company network (or visa versa).
As for distribution, hidden publication is the only real option you have, as beta-distribution is limited to a few accounts.
Related
I'm publishing my Flutter apps for iOS on a service called Macincloud, where i rent a mac using a personal account.
I'm new to mac os, and i have a question about xcode/apple developer accounts:
If i log in on xcode with my apple developer account, can other users on the same mac use that account as well? And do administrators have access to my xcode account?
I'm aware that my certificates are located in my keychain, and that other users can't access those. And i delete my code from the mac everytime i log out, so administrators can't get access to it.
But i'm not sure about how this works with xcode/apple developer accounts.
I have multiple user accounts on my machine that I use not only for my own stuff, but for clients as well. I create a new user account for each client as way to sandbox things between clients. I do work in Xcode for those clients.
The developer accounts you setup in Xcode in the Preferences are only for that specific user. I switched between a few accounts to confirm this.
Admin accounts can of course circumvent things. For example, my personal user account is the admin whereas my other client accounts are not. When using my admin account, Using my personal account I can change the permissions as I want which would let me see certain things.
However given this is a paid service, I would suspect that unless the admin was rogue, they have very little incentive to checkout out your stuff.
We want to use a technical user in a mobile application (iOS). This user needs to access MS Graph API.
I currently find no method to acquire a token from mobile without any UI interaction.
Is there any way we can achieve this is a clean way?
In the case of devices and operating systems (e.i. IoT) that do not provide a web browser, you can use the device code flow, which lets the user use another device (computer or mobile phone) to sign-in interactively. Here's more info on using device code flow with msal.
Using a mobile device, which is a public client, has many ways of acquiring a token (including silently, assuming a token is already in the cache), most of which involve a UI. Public clients are run on devices or desktop machines and are not trusted to safely keep application secrets. Here's more information on public client applications for msal .NET, which supports Xamarin iOS.
I have been trying to make my application verified for quite some time already. The main problem that I have is that my homepage and other pages(except web hooks for push-notifications and oauth2 flow) are private (because it's dev environment, not prod) and if you try to access them from the Internet, firewall will not allow you doing so.
Considering what I wrote above, I posted OAuth Developer Verification Form with the links to my app that aren't accessible for the external network. Now I got the following message from Google:
Dear Developer,
Thank you for your patience. Please reply back with a test account email and password, so we can experience the user sign-up flow, validate the app services and then proceed with OAuth Verification process.
Please do not hesitate to reach out to us if you have questions or concerns.
Even if I provide the account in my application, Google will not be able to reach the application.
I am sure that there are thousands of applications that have DEV/QA and other environments that aren't accessible from the Internet.
How do you go through verification process?
How do you go through the process in general?
What URLs do you specify in the form? Are they private?
How do you provide user for the Google if you application is not available through the Internet(only web-hooks are available)?
This was so easy for PROD environment, but appears a real nightmare for DEV environments.
Thank you!
WhatsApp just announced a new web application see here.
For some reason, the interface requires the phone to be connected all the time. Is it for performance reasons (not to create additional load on their current servers)? Is there any other constraint that cause that?
The official explanation:
Your session on WhatsApp Web is an extension of WhatsApp on your
phone. WhatsApp Web connects to your phone to sync messages, thus you
can see all messages on both devices. Thus, the first requirement to
being able to use WhatsApp Web is an active WhatsApp account on your
smartphone.
Source: https://www.whatsapp.com/faq/en/web/28080002
As you may know your Whatsapp history is only being stored in a database on the phone itself. To see that history in your web browser, it needs to get it from the phone. Whatsapp could have redesigned it, so that everything is stored in the cloud (as many competing messaging apps do). But that seems to be against their philosophy. They keep it tighly coupled to a (one) phone. As you may know you cannot install Whatsapp on multiple phones using the same account. The web interface is just a remote for Whatsapp running on your phone.
And even though I don't know for sure, I think it's more secure too. It wouldn't surprise me if the data that's sent between the web app and the phone is encrypted in a way that even Whatsapp themselves cannot decrypt. Maybe the QR code is generated client-side (in the browser) and by scanning it using the app there is no need to exchange the keys through Whatsapp's servers. That way they don't ever get the encryption keys and will not be able to inspect the data that gets routed through their servers.
Note: Of course Whatsapp could at any time change their implementation of both the app or the web app and enable eavesdropping.
My institute currently has a local domain running on Windows Server, like a lot of business networks. I would like to build a web app that users can log into using their Windows login credentials, so that they don't have to manage multiple usernames and passwords.
Is this possible?
The app would be built with node.js and designed so that it could launch on mobile devices that are not on the network.
Also, I'm a student so please forgive my overwhelming ignorance on the matter. :)