Open anagaraju-vmw opened 4 years ago
Some folks still use an apk with package name that predated use of Managed Google Play for distribution.
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:05 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Subscribed subscribed@noreply.github.com Subject: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
Hello,
Before our app communicates with Purebred we perform a signature check against the Purebred app on the device.
We need the correct package name to perform this signature check. We had used this name in the past before "registration.purebred.hound.red.purebredregistration.disa" and then we changed the name to "registration.purebred.hound.red.purebredregistration" (based on this document - https://downloads.redhoundsoftware.com/beta/rhs-ota/purebred-landing/index_aws.html)
Now, looks like there are some customers still using the old package ""registration.purebred.hound.red.purebredregistration.disa""
So can we please get a confirmation on the correct package name ? And the source(like a hyperlink/document) we should always use to look at the latest version of the app?
Thanks
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe.
So, what would you recommend ?
That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?
I think the issue is that there are three streams of apps: pre-Managed Google Play, app for first 20 organizations under Managed Google Play and app for second group of 20 organizations under Google Play. Will provide the bundle IDs for all three on Monday. The limit has since been raised to 100, so new organizations will land under the first group.
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:49 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
So, what would you recommend ?
That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
The three bundle identifiers you may see are:
registration.purebred.hound.red.purebredregistration - pre-Managed Google Play
registration.purebred.hound.red.purebredregistration.disa - Managed Google Play stream 1
registration.purebred.hound.red.purebredregistration.disa2 - Managed Google Play stream 2
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Friday, October 30, 2020 at 3:49 PM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
So, what would you recommend ?
That they should be using the version from the Managed Google Play i.e the one with the package name registration.purebred.hound.red.purebredregistration I assume ?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
thank you,
but why do you have 3 different bundle Id's for the same app ? Is there a plan sometime in the near future to have and support just one ?
Because we had to. When the app was first released, it was not in Google Play. However, someone, through some MDM operation, squatted on our bundle ID. So when we went to set up distribution via Managed Google Play, the ID was not available to us. That’s how we got to two bundle IDs. At the time we set out to distribute via Managed Google Play, there was a limit on the number of organizations that could be listed. That number was 20 at the time but has since been raised to 100. Before it was raised to 100, we need to add several organizations forcing us to have yet another bundle ID. There is no good path to having just one.
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 8:38 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
thank you,
but why do you have 3 different bundle Id's for the same app ? Is there a plan sometime in the near future to have and support just one ?
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
wouldn't this cause issues when it comes to release management of this app ? (For ex., if you updated your app, you'd have to release an update on all 3 bundles)
I didn’t say it was not painful. I merely explained how we arrived at this point.
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 8:56 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
wouldn't this cause issues when it comes to release management of this app ? (For ex., if you updated your app, you'd have to release an update on all 3 bundles)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
hmmm.. Will the 3 bundles be the limit or do you expect you might have more in the future ? (You introduced a new bundle ID because there was a limit of 20. Now the limit has been raised to 100. So if the number of organizations exceeds 100, do you see the possibility of another bundle ID?)
At this point, we have headroom for ~175 new organizations. I don’t anticipate exceeding that number. I tend to doubt we exceed the 100 limit on the first Managed Google Play ID. But you are correct, if the number of orgs grows too large we’d either add a third (or look at public app store).
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 9:03 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
hmmm.. Will the 3 bundles be the limit or do you expect you might have more in the future ? (You introduced a new bundle ID because there was a limit of 20. Now the limit has been raised to 100. So if the number of organizations exceeds 100, do you see the possibility of another bundle ID?)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
Is there any way at all you can help us stick to a known set of bundle Id's and package signatures?
The problem we'll face (as would any other any security-conscious client of Purebred) is that as and when you release new bundle Ids, we'd have to update our apps to include the new bundle Id's and their respective public signatures. In some cases we might not even have access to the public-signatures of your apks. (The apk may be installed by some of our customers via managed Play, and only they'd be able to login to that Managed Play to download the Purebred app to their device, not us devs)
As noted, I do not foresee the introduction of another bundle ID anytime soon. The apks are posted at pbpki.com (in Production section) and on cyber.mil. The latter is the official source but you will need a CAC to access.
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 9:32 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
Is there any way at all you can help us stick to a known set of bundle Id's and package signatures?
The problem we'll face (as would any other any security-conscious client of Purebred) is that as and when you release new bundle Ids, we'd have to update our apps to include the new bundle Id's and their respective public signatures. In some cases we might not even have access to the public-signatures of your apks. (The apk may be installed by some of our customers via managed Play, and only they'd be able to login to that Managed Play to download the Purebred app to their device, not us devs)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
Can we be sure that every apk that gets posted to the official source would also be posted to pbki.com ? (I don't have CAC to access the official source, and if possible I want to avoid having to get one- not sure if I'd even be eligible to get one )
I can offer nothing more definitive than best effort to do so (for either source).
From: 'anagaraju-vmw' via Purebred Github purebred@redhoundsoftware.com Reply-To: Purebred/AliasShareProvider reply@reply.github.com Date: Monday, November 2, 2020 at 10:19 AM To: Purebred/AliasShareProvider AliasShareProvider@noreply.github.com Cc: Purebred purebred@redhoundsoftware.com, Comment comment@noreply.github.com Subject: Re: [Purebred/AliasShareProvider] What is the correct source for the real Purebred app ? (#3)
Can we be sure that every apk that gets posted to the official source would also be posted to pbki.com ? (I don't have CAC to access the official source, and if possible I want to avoid having to get one- not sure if I'd even be eligible to get one )
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.
Got it, appreciate all the help, and the quick responses so far :)
Hi whats the github location to get source code for purebred for Android . Thanks inadvance
Hello,
Before our app communicates with Purebred we perform a signature check against the Purebred app on the device.
We need the correct package name to perform this signature check. We had used this name in the past before "registration.purebred.hound.red.purebredregistration.disa" and then we changed the name to "registration.purebred.hound.red.purebredregistration" (based on this document - https://downloads.redhoundsoftware.com/beta/rhs-ota/purebred-landing/index_aws.html)
Now, looks like there are some customers still using the old package ""registration.purebred.hound.red.purebredregistration.disa""
So can we please get a confirmation on the correct package name ? And the source(like a hyperlink/document) we should always use to look at the latest version of the app?
Thanks