Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Mobile applications (“apps”) running on mobile computing devices such as smart phones and tablet devices are typically downloaded by users from public application stores (“appstore”) available on the Internet. The proliferation of mobile computing devices and their level of computing capabilities have made such devices viable alternatives as remote clients to backend systems. For example, an organization may have several business application systems that support the organizations. Mobile computing devices allow user of the organization (e.g., sales people) to access these backend systems remotely.
Client-side applications for mobile devices can be distributed through an appstore channel just like any other mobile app. Business apps, however, typically require an amount of configuration which app generally do not require. For example, after download and installation on the mobile computing device, a business app may need to be configured with information about the organization's servers (“backend servers”), resource address, and port (typically in the form of a Uniform Resource Locator, URL) and any other additional app-specific configuration information, such as user interface settings, security policy information, and so on. For non-technical users, such configuration details can be difficult to enter manually into the app, time-consuming, error-prone, and thus pose an impediment to broad and fast adoption of any mobile apps the organization may want to push out.
In addition, the integrity and authenticity of such configuration information is crucial for the secure operation of an app and to protect against misuse of personal data, identity, and confidential data processed by the app. For example, if the configuration information is somehow attacked or hacked, the user may inadvertently configure an app to connect to a malicious server without the user's knowledge. When the user enters their login information (e.g., username and password), the hacker will be given information allowing them to break into the real servers in the organization.