On Sun, Jul 22, 2012 at 3:10 AM, Anders Rundgren <[email protected]> wrote: > What is Android's counterpart to: > > ... > > I'm personally unconvinced that it was a wise decision by Apple making > certificate enrollment a part of protection profile deployment because there > are a lot of scenarios (particularly in the consumer-space) where you only > want a key but not getting your device "hijacked" by the service provider. > I agree with you about the risk involved with OTA, but its needed by the enterprise. Can you imagine tethering 30,000 or 50,000 devices to securely enroll a device? The system admins will tar and feather you. Its much easier to point folks to a one-time, password protected URL and move on.
This is really the key distribution problem in disguise. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
