03-23-2012 03:25 PM
Sharing functionalities are limited to other applications within the corporate permiter which have also been approved by the administrator. The risk becomes greatly minimized.
We're now entering into 2 separate discussions:
1) Application permissions/control policies
2) Custom application configuration parameters
1 is not really up to the application, it is a BES-controlled setting. The BES cannot trust each application to comply with security standards so this must be applied to the system to enforce. A few of these exist today and it should continue to grow. If you need more information I would recommend posting to the BES forum:
2 is akin to today's custom IT Policies. This is not available today for PlayBook but should be in the future. This is one that I would recommend logging as a feature request in Issue Tracker so you can track its progress.
03-23-2012 03:26 PM
Also, when deploying apps to hundereds of devices an IT admin would want to preconfigure settings, lock them down and be able to update them remotely. For instance, tell the app what server to talk to.
03-23-2012 03:27 PM
Application Control Policies today would handle the permissions. Upgrading would also be handled by the BES, it should not be up to the application to be able to update itself.
Are you familiar with how the BES functions today for application permissions and upgrades? Applications do not need to enforce their own permissions and all upgrades are handled by the BES.
03-23-2012 03:32 PM
I'm not talking about sharing files with other applications on the device, I'm talking about sharing info - files or otherwise - via social media, dropbox, facebook etc. Like a "share on facebook" button.
You are right that they are two different requirements, but they are both very much related as far as app developers are concerned.
03-23-2012 03:36 PM
Depelopers shouldn't be concerned with how the BES applies permissions, though any developer should be aware of what permissions could be imposed by the device (whether it comes from the BES admin or the user). Is there a user case where an application would need to specifically know that the BES set a permission?
As for sharing with social media apps, the corporate permiter would normally be restricted for business applications. Only applications in this perimiter, as designated by the BES admin, would be able to share information or read data from the corporate section of the device. If the administrator were to choose social apps to be in this perimiter then it would be at their discretion.
03-23-2012 03:49 PM
Many perfectly useful apps have social features. Consider a presentation app with an online template library. While in its core it isn't a social app, it may have a Tweet-this function. For it to be usable in a corporate environment the IT admin would need to be able to disable that and only that function. Denying the app access to internet or to files on the device is too broad for many real-world scenarios.
03-23-2012 03:58 PM
BES admins can restrict access to only supported URLs.
If deeper application configuration is needed then custom IT policies, mentioned in my earlier post could be used (once available for PlayBook applications). This would require the application to watch for these settings and the BES admin to set them.