This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Application Deployment - Official appsheet launcher

Posted on 05-06-2019 08:06 AM
Jonathon
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

One method of deploying applications is by having users install the official AppSheet application from the iOS or Android play store. From this app, they can go to ‘Shared Applications’ where they are presented a list of all applications shared to their email.

I was hoping there would be a way to have applications not show up in this list, in the case that you have shared an application across a domain. Ignoring other security considerations, I would like users to only be aware of applications they can see through the main application launcher. Currently, users who have the appsheet application installed can see everything shared across the domain.

0 5 426
Topic Labels
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
Aleksi
Staff
Reply posted on --/--/---- --:-- AM

Have you thought to create your own app launcher?

Posted on --/--/---- --:-- AM
Jonathon
Silver 5
Silver 5
In response to Aleksi
Reply posted on --/--/---- --:-- AM

Hey @Aleksi,

Yes I have my own app launcher. This is what I want people to use.

The problem is, there is nothing stopping people from bypassing the application launcher by installing the official AppSheet app going through the shared applications.

There are some problems with this, namely:

  • I am trying to dynamically handle onboarding by having people register themselves through the launcher. The first time people load the application, they are presented with a required sign-up form. Their credentials are then used throughout other applications. They can bypass this via the official appsheet app, potentially breaking things.
  • I have built a user-permissions table which lets users who cannot directly edit application definitions assign credentials to users. For this to function, I need to allow the entire @domain.com as a default. Other security considerations have been implemented; however, it would still be nice for unauthorized users to not be able to see these admin-esque applications.

Posted on --/--/---- --:-- AM
Jonathon
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

Resurrecting this to make another point…

Through the use of permissions tables, I control what applications users can see in the app launcher. For added security, I also employ security filters within sensitive applications to prevent unauthorized users from seeing data within them, should they somehow bypass the app launcher.

User permissions can be controlled via a user administration application. This makes it easy for myself, or management users to control who can access what information. For this process to work properly, I must whitelist my organizations entire domain within every app, lest I have to go into the app definition whenever someone wants to restrict or grant app access.

Because of this behaviour, it has led me to be ‘secretive’ about the existence of the AppSheet application. I don’t want users installing the app and seeing the list of all my globally shared applications. It is a real security issue and there is currently no workaround that I am aware of.

Is there something that can be done about this??

Posted on --/--/---- --:-- AM
Grant_Stead
Silver 5
Silver 5
In response to Jonathon
Reply posted on --/--/---- --:-- AM

Stop sharing it with your whole domain, and switch to like an AWS Cognito approach.

Posted on --/--/---- --:-- AM
Aleksi
Staff
Reply posted on --/--/---- --:-- AM

@Jonathon Why don’t you use security filter with the app launcher’s menu as well?

0 Likes
Top Labels in this Space