Question

I just purchased some software that requires Adobe AIR to run its (NOT EVEN REMOTELY) "native" Mac app.

Alternatively it is supposed to run from the web with Flash. Right after finding out that was when I found out I don't have Flash installed. I consider that a really good thing -- I know how bad Flash is!

I can actually just call it off and get a refund. But they also have an iOS version that is probably all I'd really use anyway. So plan A right now is to install the iOS and not have it on my MacBook.

I'd like opinions on exactly how virulent this particular Adobe virus is and if it is something I'll be happier if I never install.

Are there documented security reviews or some guidelines I can take in evaluating the security of an AIR app in general?

Solution

Well, it's just an app framework, so depending on what your needs are it could be a savior so you don't have to spend any energy or money working on an app to a really bad piece of software.

I personally have held the line on Flash and AIR and insisted that most apps run on iOS to avoid having to deal with those app frameworks, but not everyone can insist on that.

It wouldn't be less draconian and less secure to insist that developers sign their apps with a developer certificate and that you deny all prompts if you don't understand the security risks.

Applications deployed on Adobe AIR have powerful capabilities and access to local data, so this dialog box provides information about who built the application and allows you to decide whether to install it. If someone you trust developed the application and you would like to install it, then selecting Yes will allow the installation to proceed. If you do not recognize the developer or it is someone you do not trust, then you should not install the application.

Since Adobe doesn't even link to their security white paper from the FAQ, you can infer how invested they might be in having people learn about the security of that product. (You could equally give them a pass and ask for that link or search for it as well. It might not be intentional, and Apple also has gaps in their web pages from time to time, so I’ll not pile on Adobe too much for one missing KB article link.)

If that breaks the software, I would ask for a refund. You'd be well protected if your Mac doesn't allow non-app store / non-signed apps to run. Adobe is really clear: the AIR apps persist on your machine and are security risks just like all native apps that are not signed and don't work in a sandbox are.

Also, if you assume an educated user, always updating apps and plug-ins, never giving away the admin password, I could see AIR or Flash being a security-neutral or managed risk. If you don't, I would avoid using them, since you do need to learn, understand, and manage the risk of more frameworks and of letting Flash (AIR) run on your Mac.

OTHER TIPS

In general it is pretty bad as it is a framework designed for developers with a more selective view of software engineering, often causing total reliance on the runtime for things like security and performance. Sadly, we all know how well that went with things like Flash, Silverlight and Java applets.

If it is easy to write bad code but make money anyway, bad code will be written. Things like Adobe AIR facilitate that.

Licensed under: CC-BY-SA with attribution
Not affiliated with apple.stackexchange