Desktop AIR applications can be distributed via AIR installer
files which use the
air
extension. When Adobe AIR
is installed and an AIR file is opened, the runtime administers
and manages the application installation process.
Note:
Developers can specify a version, and application
name, and a publisher source, but the initial application installation
workflow itself cannot be modified. This restriction is advantageous
for users because all AIR applications share a secure, streamlined,
and consistent installation procedure administered by Adobe AIR.
If application customization is necessary, it can be provided when
the application is first executed.
The default application installer provides the user with security-related
information. AIR displays the publisher name during installation
when the AIR application has been signed with a certificate that
is trusted, or which chains to a certificate that is trusted on
the installation computer. Otherwise the publisher name is displayed
as “Unknown.” This lets the user make an informed decision whether
to install the application or not:
AIR applications first require the runtime to be installed on
a user’s computer, just as SWF files first require the Flash Player
browser plug-in to be installed.
The runtime can be installed in two ways: using the seamless
install feature or via a manual installation.
-
The seamless install feature provides developers with
a streamlined installation experience for users who do not have
Adobe AIR installed yet. In the seamless install method, the developer
embeds a SWF file in a web page, and that SWF file presents the
name of the AIR application for installation. When a user clicks
in the SWF file to install the application, the SWF file checks
for the presence of the runtime. If the runtime cannot be detected
it is installed, and the runtime is activated immediately with the
installation process for the developer's application. The user is
provided with the option to cancel installation.
-
Alternatively, the user can manually download and install
the runtime before installing an AIR file. The developer can then
distribute an AIR file by different means (for example, via e-mail
or an HTML link on a web site). When the AIR file is opened, the
runtime is activated and begins to process the application installation.
The AIR security model allows users to decide whether to install
an AIR application. The AIR installer provides several improvements
over native application install technologies that make this trust
decision easier for users:
-
The runtime provides a consistent installation experience
on all operating systems, even when an AIR application is installed
from a link in a web browser. Most native application install experiences
depend upon the browser or other application to provide security
information, if it is provided at all.
-
The AIR application installer identifies the source of the
application (or, if the source cannot be verified, the installer
makes this clear) and it provides information about the privileges
that are available to the application if the user allows the installation
to proceed.
-
The runtime administers the installation process of an AIR
application. An AIR application cannot manipulate the installation
process the runtime uses.
In general, users should not install any application (including
an AIR application) that comes from a source that they do not trust,
or that cannot be verified. The burden of proof on security for
native applications is equally true for AIR applications as it is
for other installable applications.
AIR 2 adds support for extended desktop AIR applications. These
applications are installed using native installer files:
When you create a native installer, you no longer gain the benefits
of the standard AIR installation and update model. You become responsible
for the install experience just as you would with a native application
created with any other technology.
AIR 3 adds support for captive runtime bundles. In this deployment
model, your application no longer uses the shared runtime installed
on a user’s computer. Instead, your application contains its own,
private copy of the AIR runtime. In this model, you are responsible
for the install and update experience. Furthermore, since the AIR
runtime used by your application is never updated by Adobe, you are
also responsible for updating your application whenever applicable
security fixes to the runtime are published.
