I'm not sure I understand. What software do they expect to install via the App Store that can't be installed with the Apple's root certificates? Apple signs everything listed on the App Store, does it not?
Also, why would they need the App Store to distribute software signed by their own keys anyway?
Assume you're a government agency. Assume you want to install software that isn't in the AppStore. Perhaps some software you wrote yourself. Sure, the security of the system should be based on keying material, but you still don't want the general public to know you're installing Coup d'Etat 2.1 on your devices. And you don't want Apple to know that you're installing Corporate Fiscal Surveillance 1.1 on your iDevice.
It would be nice if you could maintain the many security features that DO exist while at the same time installing apps on your devices you want to install without having to have them blessed by Apple's dev CA.
You can't install roots for all apps, notably the app store. Various government agencies occasionally like to install apps that are not web apps.
I'm not sure I understand. What software do they expect to install via the App Store that can't be installed with the Apple's root certificates? Apple signs everything listed on the App Store, does it not?
Also, why would they need the App Store to distribute software signed by their own keys anyway?
Assume you're a government agency. Assume you want to install software that isn't in the AppStore. Perhaps some software you wrote yourself. Sure, the security of the system should be based on keying material, but you still don't want the general public to know you're installing Coup d'Etat 2.1 on your devices. And you don't want Apple to know that you're installing Corporate Fiscal Surveillance 1.1 on your iDevice.
It would be nice if you could maintain the many security features that DO exist while at the same time installing apps on your devices you want to install without having to have them blessed by Apple's dev CA.
Yes.