Google launched its service Private Channel, which seems to enable organizations to set up their own app stores inside Google Play. Is this a more secure option than an enterprise building its own app store?
Ask the Expert!
SearchSecurity.com expert Michael Cobb is standing by to answer your questions about enterprise application security and platform security. Submit your question via email. (All questions are anonymous.)
The Google Play Private Channel for Google Apps is an extension of the Google Play Store that allows Google Apps for registered business, education or government customers to distribute apps to their employees from their own app store.
Setting up the store is straightforward; it's an on/off switch in the Google Apps control panel. Administrators can authorize specific users to publish apps through the Google Play developer console and configure which users or user groups can access Private Channel to download internal applications. Private Chanel includes the standard features of the Play Store, including user authentication, virus and malware detection, device targeting, user rating and user feedback.
The downside of Google Private Channel is that it is only available for Android apps on Android devices, so if an organization needs to support users with BlackBerry devices, iPhones or Windows Phones, it will still need to set up the appropriate app stores for those devices. This may be a reason for an organization to build its own app store. A centralized repository can be built to accommodate approved apps for different mobile platforms all in one place; a one-stop destination for all employees. Also, by setting a policy in which mobile devices allowed on the corporate network can only download apps from the corporate app store, the organization can control which apps reside on its employees' devices and can be effective in preventing malicious or inappropriate apps from entering the enterprise.
Security and governance are the cornerstones of any app store. Security requires authentication and access control, but it's quite an undertaking to build this from scratch. Adding and securing features such as integration with existing identity management processes, remote authentication, malware detection and user feedback requires developers with solid security experience. By the time the store is ready to roll out, the world of mobile apps may well have moved on to something else!
Rather than an organization building its own store, a cheaper and easier option is probably to deploy an existing enterprise app store product. Vendor options in this area include Apperian Inc., which offers a product called Enterprise App Services Environment (EASE), and Sybase Inc.'s Afaria, which can host a company's own apps as well as links to third-party apps hosted on external sites such as the Apple App Store or the Google Marketplace. Partnerpedia Solutions Inc.'s Enterprise App Store also allows the inclusion of third-party apps from external sites, and Zenprise Inc.'s Enterprise App Store can push new applications and documents such as videos and presentations to users' devices, while also updating existing ones.
Getting a corporate app store up and running involves some upfront costs and manpower resources, but in return, an organization can offer users the apps they need for their jobs while maintaining control over what can be used on networked devices. The IT department should review apps considered for any corporate app store to ensure that they pass performance and security thresholds, meet security policy requirements and are value for money. Stats should be kept on the number of downloads from the store, too, not only to track software costs and manage enterprise licenses, but also to understand how the store is being used and by whom. This information will provide evidence of how well the store is supporting users and the company.
This was first published in May 2013