5 Replies Latest reply on Aug 11, 2010 10:15 AM by chris.campbell

    Reasons Why I Will Not Pursue Air


      Recently I've been using Appcelerator's Titanium to build my native desktop apps with html & jquery. Frustrated from the lack of updates and bugs, I decided I'd test out Air 2.0. Let me say, I'm extremely disappointed.


      First off, this whole sandbox crap ticked me off and was a major factor for my reasoning to not pursue this product. Why would I use a product which limits my capabilities from achieving a native desktop app while they take away and decide what we can and cannot do. Yes, it can in some circumstances be a good thing, but it's annoying and kinda makes me feel like a kid governed by parental controls.


      Secondly, this whole big red warning when the user installs the app is THE top reason why I think air is crap. Don't you want the users to be installing apps built with Air? Right now I've got the feeling you don't. Like stated before, you make me feel like a kid who can't be trusted, and the only way to be, is to fork out a grand to get code signed. Why would I do that? Every other Native language I can think of doesn't require this stupid little feature hold back. If I really wanted to write a virus, I'd do it in a better language.


      I am extremely grateful you created this product since I can now feel satisified with Appcelerator.

        • 1. Re: Reasons Why I Will Not Pursue Air
          chris.campbell Adobe Employee

          Thanks for the feedback.  I'll pass this along to the team.


          I understand your sandbox model frustration and while this might not be helpful, here's a high level description and rational behind AIR's security model.


          Introducing the Adobe AIR security model


          As for the big red warning that's presented to the user during install, we get your concern and the UI is something we're working on for future releases.  In the mean time, the "code red" warning can be reduced to a more mellow yellow by providing a trusted signed certificate.



          • 2. Re: Reasons Why I Will Not Pursue Air
            Joe ... Ward Level 4

            The AIR sandbox rules are in place to make it easier for you to write secure applications that don't put your user's computers at risk. It isn't about stopping your app from doing maliscious things -- the user has decided to trust you when they install your app. It's about preventing remote content (someone else's web page, for instance) from hijacking your app and doing evil things. With the sandbox rules, you will discover potentially insecure coding choices early in the development process rather than through customer bug reports after you ship.


            While you are correct that many platforms do not require signed code, it is really better for your users and you when they can verify that your application came from you and hasn't been tampered with. The "scary" installation dialog merely reflects reality. It is a bad idea to install an application if you don't know its source -- and you really don't unless it is signed by a verifiable certificate. There's no point in pretending that this isn't the case. I also believe that code signing requirements will become the norm, not the exception, as time goes on.

            • 3. Re: Reasons Why I Will Not Pursue Air

              very well said Joe! I own a certificate and use it for ALL released apps whether they are commercial or not to instill a sense of trust.


              this does raise a question though as to why Adobe and AIR gurus do not do the same? when you go here, http://www.adobe.com/devnet/air/flex/samples.html, 4 of the first 5 apps that can be directly installed are not signed! wouldn't it make sense that the organization distributing samples would sign them cause they are more likely to be downloaded with more frequency? plus it kinda nullifies the message of how important this is when Adobe distributes unsigned apps!

              • 4. Re: Reasons Why I Will Not Pursue Air
                Joe ... Ward Level 4

                I guess someone didn't get the memo! (We have certificates for this purpose.) Thanks for pointing this out.

                • 5. Re: Reasons Why I Will Not Pursue Air
                  chris.campbell Adobe Employee

                  Moderator Note: Moved discussion to the Adobe AIR Development forum