Revised AIR 1.5.2 Application Install Experience

The Adobe AIR 1.5.2 release is now available. There are relatively few changes in it, given that it’s a minor release, but I’ll nonetheless be posting a few entries about the more interesting changes.

Perhaps most interesting of all is that we’ve revised the much-loved unrestricted system access warning that’s displayed during application install. I think you’ll be pleased with the new design:

[Image: AIR1.5.2RevisedPublisherPanel.png]

Please note that this change applies only to applications signed with certificates that are trusted on the targeted machine. I hope you’ll find some comfort in knowing that we do, indeed, listen to, and appreciate, your feedback.

11 Responses to Revised AIR 1.5.2 Application Install Experience

  1. AWESOME! AWESOME! AWESOME! THANK YOU.

  2. Tom Esposito says:

    Thank you so much!!!

  3. leef says:

    Why hasn’t Adobe AIR exactly copied the OS installation install warning/process? On Vista it should look and use the same verbiage as Vista’s native installer, on OS X it should look and use the same verbiage as the OS X installer... etc.

  4. Your application is signed but there is still a question mark on top like with the previous AIR version, why not a valid check instead?

    Despite this, that’s great!

  5. Antonio H says:

    Oh thank goodness. Finally, users won’t be so scared, and clients won’t be so nervous. Thanks!!!

  6. Zeke Jones says:

    The signed certificate approach is punitive to hobbyists and small-time developers. Why should there be a $300 yearly fee involved to distribute an application? It provides a disincentive to using AIR. Why is there a need for a signed certificate if I distribute my AIR app through my own website? The end-user knows exactly who the publisher is: my website.

    Adobe Flex/AIR is one of the most elegant approaches to software development, but the signed-certificate “feature” adds a scar to that beauty. It would be my wish that the “Application Install” screen becomes more friendly to those not using certificates.

  7. Zeke,

    The problem is that the end user *doesn’t* “know exactly who the publisher is” unless the app is signed with a trusted cert.

    An attacker can intercept the http traffic between the user and your server (for example using a man-in-the-middle attack). When the user clicks the link to download your application, the attacker can modify your application in transit or send an entirely different application to the user instead. Consequently, the mere fact that an application *appears* to come from a particular web site doesn’t mean it *actually* comes from that web site.

    Signing your app with a trusted cert means that the operating system can prove that 1) the actual bits that got downloaded to the computer didn’t change from what they were when the app was signed, and 2) the person who signed the app has proven to Verisign or some other certificate authority that they are in fact who they claim to be.

    (Of course, whether you trust that person or organization is still up to you. But at least with an app signed with a trusted certificate, you can know who the app really came from, so that you can decide whether you trust them or not.)

    -Paul

  8. Rob Burn says:

    I too think the whole signing is over the top. What desktop app has an install like the AIR requirements? It’s not typical and just another way to waste money.

    The idea is what about people developing desktop apps only? The web server access is already locked down, it baffles me really. I create my own and I’m sure I lose people over this install warning.

    Remind me again what the difference is between any other desktop app you can download and install without this certificate hell and an AIR app?

    I mean really

    Rob

  9. Drew says:

    I think this is a great improvement. It lets the end user know there is a risk without scaring them away from using the application entirely. Thank you for changing this.

  10. Tweeks says:

    It’s certainly an advancement that we will all appreciate but I agree that the whole install system is a bit over the top, OR underdeveloped with only one level of access.