Purebred / AliasShareProvider

Sample project providing facsimile of Purebred Registration's content provider to enable testing alias sharing operations
The Unlicense
0 stars 1 forks source link

What is the correct source for the real Purebred app ? #3

Open anagaraju-vmw opened 4 years ago

anagaraju-vmw commented 4 years ago

Hello,

Before our app communicates with Purebred we perform a signature check against the Purebred app on the device.

We need the correct package name to perform this signature check. We had used this name in the past before "registration.purebred.hound.red.purebredregistration.disa" and then we changed the name to "registration.purebred.hound.red.purebredregistration" (based on this document - https://downloads.redhoundsoftware.com/beta/rhs-ota/purebred-landing/index_aws.html)

Now, looks like there are some customers still using the old package ""registration.purebred.hound.red.purebredregistration.disa""

So can we please get a confirmation on the correct package name ? And the source(like a hyperlink/document) we should always use to look at the latest version of the app?

Thanks

Purebred commented 4 years ago

Some folks still use an apk with package name that predated use of Managed Google Play for distribution.

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:05 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

Hello,

Before our app communicates with Purebred we perform a signature check against the Purebred app on the device.

We need the correct package name to perform this signature check. We had used this name in the past before "registration.purebred.hound.red.purebredregistration.disa" and then we changed the name to "registration.purebred.hound.red.purebredregistration" (based on this document - https://downloads.redhoundsoftware.com/beta/rhs-ota/purebred-landing/index_aws.html)

Now, looks like there are some customers still using the old package ""registration.purebred.hound.red.purebredregistration.disa""

So can we please get a confirmation on the correct package name ? And the source(like a hyperlink/document) we should always use to look at the latest version of the app?

Thanks

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 4 years ago

So, what would you recommend ?

That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?

Purebred commented 4 years ago

I think the issue is that there are three streams of apps: pre-Managed Google Play, app for first 20 organizations under Managed Google Play and app for second group of 20 organizations under Google Play. Will provide the bundle IDs for all three on Monday. The limit has since been raised to 100, so new organizations will land under the first group.

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:49 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

So, what would you recommend ?

That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

Purebred commented 3 years ago

The three bundle identifiers you may see are:

registration.purebred.hound.red.purebredregistration - pre-Managed Google Play

registration.purebred.hound.red.purebredregistration.disa - Managed Google Play stream 1

registration.purebred.hound.red.purebredregistration.disa2 - Managed Google Play stream 2

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:49 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

So, what would you recommend ?

That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

thank you,

but why do you have 3 different bundle Id's for the same app ? Is there a plan sometime in the near future to have and support just one ?

Purebred commented 3 years ago

Because we had to. When the app was first released, it was not in Google Play. However, someone, through some MDM operation, squatted on our bundle ID. So when we went to set up distribution via Managed Google Play, the ID was not available to us. That’s how we got to two bundle IDs. At the time we set out to distribute via Managed Google Play, there was a limit on the number of organizations that could be listed. That number was 20 at the time but has since been raised to 100. Before it was raised to 100, we need to add several organizations forcing us to have yet another bundle ID. There is no good path to having just one.

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 8:38 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

thank you,

but why do you have 3 different bundle Id's for the same app ? Is there a plan sometime in the near future to have and support just one ?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

wouldn't this cause issues when it comes to release management of this app ? (For ex., if you updated your app, you'd have to release an update on all 3 bundles)

Purebred commented 3 years ago

I didn’t say it was not painful. I merely explained how we arrived at this point.

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 8:56 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

wouldn't this cause issues when it comes to release management of this app ? (For ex., if you updated your app, you'd have to release an update on all 3 bundles)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

hmmm.. Will the 3 bundles be the limit or do you expect you might have more in the future ? (You introduced a new bundle ID because there was a limit of 20. Now the limit has been raised to 100. So if the number of organizations exceeds 100, do you see the possibility of another bundle ID?)

Purebred commented 3 years ago

At this point, we have headroom for ~175 new organizations. I don’t anticipate exceeding that number. I tend to doubt we exceed the 100 limit on the first Managed Google Play ID. But you are correct, if the number of orgs grows too large we’d either add a third (or look at public app store).

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 9:03 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

hmmm.. Will the 3 bundles be the limit or do you expect you might have more in the future ? (You introduced a new bundle ID because there was a limit of 20. Now the limit has been raised to 100. So if the number of organizations exceeds 100, do you see the possibility of another bundle ID?)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

Is there any way at all you can help us stick to a known set of bundle Id's and package signatures?

The problem we'll face (as would any other any security-conscious client of Purebred) is that as and when you release new bundle Ids, we'd have to update our apps to include the new bundle Id's and their respective public signatures. In some cases we might not even have access to the public-signatures of your apks. (The apk may be installed by some of our customers via managed Play, and only they'd be able to login to that Managed Play to download the Purebred app to their device, not us devs)

Purebred commented 3 years ago

As noted, I do not foresee the introduction of another bundle ID anytime soon. The apks are posted at pbpki.com (in Production section) and on cyber.mil. The latter is the official source but you will need a CAC to access.

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 9:32 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

Is there any way at all you can help us stick to a known set of bundle Id's and package signatures?

The problem we'll face (as would any other any security-conscious client of Purebred) is that as and when you release new bundle Ids, we'd have to update our apps to include the new bundle Id's and their respective public signatures. In some cases we might not even have access to the public-signatures of your apks. (The apk may be installed by some of our customers via managed Play, and only they'd be able to login to that Managed Play to download the Purebred app to their device, not us devs)

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

Can we be sure that every apk that gets posted to the official source would also be posted to pbki.com ? (I don't have CAC to access the official source, and if possible I want to avoid having to get one- not sure if I'd even be eligible to get one )

Purebred commented 3 years ago

I can offer nothing more definitive than best effort to do so (for either source).

From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 10:19 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)

Can we be sure that every apk that gets posted to the official source would also be posted to pbki.com ? (I don't have CAC to access the official source, and if possible I want to avoid having to get one- not sure if I'd even be eligible to get one )

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

anagaraju-vmw commented 3 years ago

Got it, appreciate all the help, and the quick responses so far :)

sayiram commented 1 year ago

Hi whats the github location to get source code for purebred for Android . Thanks inadvance