BlackBerry Forums Support Community


Stu_Bee 09-27-2012 12:40 PM

BES App Whitelists = Not Really
 
I've spent some time researching how to implement whitelists in BES 5.x, and it seems that it really isn't implementable in a normal whitelist way.

Requirements:
- Provide a list of applications that users are allowed to run/install.
- Block all other apps.

=====
Possible Solution One: Use App control policies and set unlisted apps to "unallowed" and publish allowed apps, listed with "optional".

Why this doesn't work: If you wish to allow users to install 200 approved apps, but not force it on them to install them... this is not the way to go. Apparently, even though the app is listed as "optional", it still attempts to push the app to the device. The optional part just means they can delete it, or possibly skip it on a prompt.
========
Possible Solution Two: App World "Application restriction List", which is a txt string of allowed IDs to be installed on the device.

Why this won't work: (a) users would still be able to sideload apps, (b) not all apps appear in App World (like Google Maps), so if you could lock it down to App World, you may be losing a lot of necessary apps.
=========

Are there any solutions you guys have implemented for optional whitelist apps (and blacklist all others)? Or am I incorrect in the above items?

Thanks.

fadmin 09-28-2012 12:07 PM

Re: BES App Whitelists = Not Really
 
Try solution 2 along with:
Security>Application Installation Methods:

Disallow Browser
Disallow Media Card
Disallow USB

That may get you where you want or almost there. What you want works well in BDS though...

Stu_Bee 09-28-2012 07:08 PM

Re: BES App Whitelists = Not Really
 
Quote:

Originally Posted by fadmin (Post 1788762)
Try solution 2 along with:
Security>Application Installation Methods:

Disallow Browser
Disallow Media Card
Disallow USB

That may get you where you want or almost there. What you want works well in BDS though...

That sounded really promising for a moment. But after a bit of research it sounds like the "application installation methods" are only supported on 7.1 handhelds, which 90% of our users do not have.

fadmin 10-01-2012 08:41 AM

Re: BES App Whitelists = Not Really
 
Probably that is the closest you'd get for the requirement you have. Was wondering if you want to make 200 apps optional you may as well let them install whatever they want. :-P Another thing you may try is to create a small internal website with all allowed apps and install it from there.
I know it does not help you, but as I said, they did get it right in BDS and it will do what you want.

Stu_Bee 10-01-2012 11:00 AM

Re: BES App Whitelists = Not Really
 
Quote:

Originally Posted by fadmin (Post 1788912)
Probably that is the closest you'd get for the requirement you have. Was wondering if you want to make 200 apps optional you may as well let them install whatever they want. :-P Another thing you may try is to create a small internal website with all allowed apps and install it from there.
I know it does not help you, but as I said, they did get it right in BDS and it will do what you want.

- The 200 number was, of course, just an example. It was to show how unacceptable RIM's software config 'whitelist' option is, because it tries to push the apps to the handhelds, rather than just allowing.
- How does "creating an internal site for allowed apps" prevent users from installing from other sources? Remember, the point of this was to prevent users from installing any apps except x, y, z.
- You are correct, requiring BDS and the currently vaporware BB10 devices, and then requiring the entire company upgrade to these new devices so that this policy can be enforced, is not realistic.

It's always this type of seemingly simple security request that makes you think you are missing something when you can't figure out how to implement it.

nobody7290 10-02-2012 04:10 AM

Re: BES App Whitelists = Not Really
 
Just an idea:
If you use the whitelist but remove the actual applications from the server, and put them somewhere else where people could browse and then install the applications based on their individual needs?

PalantirComputers 10-17-2012 01:14 PM

Re: BES App Whitelists = Not Really
 
Another idea:

Use an Application Management tool like SystAG AppWorld.

Easy to set up approved apps, license management, device specific app deployments (and updates) - OTA too. Oh, and it also works for Android - iOS is coming soon.

