Hi all,

We are planning to implement one-time app download link support for mobile
application installation/download in App Manager 1.2.0. The main objective
of introducing this feature is to overcome security issues with the current
approach of installing mobile apps.

Below is the designed approach for achieving $Subject.
According to the above,

   - The user logs in to the App Store and subscribes to / installs a
   particular mobile app
   - A one-time download link is generated for the user
   (/binaries/one-time/{UUID}) and the mapping between the generated UUID and
   the actual binary file is persisted in a database table. The status of the
   download will be marked as 0 to indicate that the download link has not
   been used yet.
   - The device will access the binary download API via the generated UUID
   to install the app. When the download/installation is completed, the status
   of the binary downloadable URL reference will be marked as 1 to indicate it
   has been used once. After an app download, any other access to the link
   will be prohibited.


There are a few concerns regarding the implementation.

   - The generated download link is not secured since it is a one-time
   download link. Is there a security concern regarding this approach?
   - According to the above, a single user will have to generate separate app
   download links in the case where he has several devices on which to
   download the app. In that case, are we going to limit (with a configurable
   limit) the number of download links that can be generated by a single user?
   - Are we going to persist the details of the device (device id) that the
   download link had been generated for so that we can enforce the security?

Your comments and suggestions are highly appreciated.

Thanks,
Thilini


-- 
Thilini Shanika
Senior Software Engineer
WSO2, Inc.; http://wso2.com
20, Palmgrove Avenue, Colombo 3

E-mail: tgtshan...@gmail.com
_______________________________________________
Architecture mailing list
Architecture@wso2.org
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
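The flow described in the message above (UUID mapped to a binary, status 0 until used, status 1 afterwards, further access refused), as an added example that is not part of the original mail or of App Manager's own code. It assumes a hypothetical SQLite table and a `OneTimeLinkStore` class written for this illustration, and it also covers the three concerns raised: the token is drawn from `uuid4` (os.urandom) because the link itself is the only credential, the number of unused links per user and app is capped by a configurable limit, and a link can optionally be bound to the device id it was generated for. The status flip is a single conditional `UPDATE`, so two requests racing on the same UUID cannot both pass a check-then-mark sequence and both download.

```python
import sqlite3
import time
import uuid

# Constructed schema mirroring the proposal: each UUID maps to the binary it
# unlocks; status 0 = link not used yet, status 1 = consumed. Column names are
# assumptions made for this example, not App Manager's actual table layout.
SCHEMA = """
CREATE TABLE IF NOT EXISTS one_time_links (
    token       TEXT PRIMARY KEY,
    user_id     TEXT NOT NULL,
    app_id      TEXT NOT NULL,
    binary_path TEXT NOT NULL,
    device_id   TEXT,
    created_at  REAL NOT NULL,
    status      INTEGER NOT NULL DEFAULT 0
);
"""

LINK_PREFIX = "/binaries/one-time/"


class LinkLimitExceeded(Exception):
    """Raised when a user already holds the configured number of unused links."""


class OneTimeLinkStore:
    """Hypothetical store for /binaries/one-time/{UUID} links.

    max_links_per_user and ttl_seconds stand in for the configurable limits
    discussed in the mail; an unused link older than ttl_seconds is treated as
    dead even though the proposal only mentions the used/unused flag.
    """

    def __init__(self, conn, max_links_per_user=3, ttl_seconds=300):
        self.conn = conn
        self.max_links_per_user = max_links_per_user
        self.ttl_seconds = ttl_seconds
        conn.execute(SCHEMA)

    def _unused_count(self, user_id, app_id, now):
        row = self.conn.execute(
            "SELECT COUNT(*) FROM one_time_links "
            "WHERE user_id = ? AND app_id = ? AND status = 0 AND created_at > ?",
            (user_id, app_id, now - self.ttl_seconds),
        ).fetchone()
        return row[0]

    def generate(self, user_id, app_id, binary_path, device_id=None, now=None):
        """Create a link for (user, app); device_id, if given, binds the link."""
        now = time.time() if now is None else now
        if self._unused_count(user_id, app_id, now) >= self.max_links_per_user:
            raise LinkLimitExceeded(user_id)
        # uuid4 is backed by os.urandom: the UUID is the only thing protecting
        # the download, so it must be unguessable, not merely unique.
        token = str(uuid.uuid4())
        self.conn.execute(
            "INSERT INTO one_time_links "
            "(token, user_id, app_id, binary_path, device_id, created_at, status) "
            "VALUES (?, ?, ?, ?, ?, ?, 0)",
            (token, user_id, app_id, binary_path, device_id, now),
        )
        self.conn.commit()
        return LINK_PREFIX + token

    def consume(self, token, device_id=None, now=None):
        """Mark the link used and return the binary path, or None if refused.

        Every condition (unused, not expired, device matches when bound) sits in
        the same UPDATE as the status change, so concurrent requests for one
        UUID cannot both observe status 0; exactly one of them gets rowcount 1.
        """
        now = time.time() if now is None else now
        cur = self.conn.execute(
            "UPDATE one_time_links SET status = 1 "
            "WHERE token = ? AND status = 0 AND created_at > ? "
            "AND (device_id IS NULL OR device_id = ?)",
            (token, now - self.ttl_seconds, device_id),
        )
        self.conn.commit()
        if cur.rowcount != 1:
            return None
        row = self.conn.execute(
            "SELECT binary_path FROM one_time_links WHERE token = ?", (token,)
        ).fetchone()
        return row[0]


def token_from_link(link):
    """Extract and validate the UUID from a /binaries/one-time/{UUID} path."""
    if not link.startswith(LINK_PREFIX):
        raise ValueError("not a one-time download link")
    token = link[len(LINK_PREFIX):]
    uuid.UUID(token)  # rejects malformed tokens before they reach the database
    return token


def new_store(max_links_per_user=3, ttl_seconds=300):
    """Convenience constructor over an in-memory SQLite database."""
    return OneTimeLinkStore(sqlite3.connect(":memory:"), max_links_per_user, ttl_seconds)


if __name__ == "__main__":
    store = new_store(max_links_per_user=2, ttl_seconds=60)
    link = store.generate("alice", "app-1", "/repo/app-1.apk", device_id="dev-A")
    tok = token_from_link(link)
    print(store.consume(tok, device_id="dev-A"))  # binary path on first use
    print(store.consume(tok, device_id="dev-A"))  # None: link already used
```

The per-user cap counts only unused, unexpired links, so a user who has already installed on two devices is not blocked from generating a third link later; whether the limit should instead count lifetime links per user and app is a policy choice the mail leaves open.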
