Mobile AIR applications can be distributed as native packages
for the supported platforms. On Android, the package format is an
APK file; on iOS, the package format is an IPA file. Users can download
and install mobile AIR applications via the normal means supported
by the platform. For example, via the Market on Android and the
App Store on iOS. Installation of AIR applications is subject to the
same restrictions as any other application on the platform.
On Android, the AIR runtime is installed separately and is activated
whenever an AIR for Android app is launched.
On iOS devices, such as the iPhone, the AIR runtime is not installed
separately; each AIR app on iOS is a self-contained application.
In general, users should not install any application (including
an AIR application) that comes from a source that they do not trust,
or that cannot be verified. The burden of proof on security for
native applications is equally true for AIR applications as it is
for other installable applications.
AIR 3 adds support for captive runtime bundles on Android. In
this deployment model, your application no longer uses the shared
runtime installed on a user’s device. Instead, your application
contains its own, private copy of the AIR runtime. In this model,
you are responsible for the install and update experience. Furthermore,
since the AIR runtime used by your application is never updated
by Adobe, you are also responsible for updating your application
whenever applicable security fixes to the runtime are published.
Note that the deployment model used on iOS has always used a captive
runtime.
