Last week we released an updated version of the AIR runtime, version 1.5.2, which includes bug fixes related to reliability, compatibility and security – the details of which can be found on the Adobe AIR team blog and in the developer release notes.
This minor update does however also make a change to the install dialogue that is displayed to the user when installing an AIR application. In versions prior to AIR 1.5.2, the user would be presented with the following dialogue when installing an application that had been signed with a certificate-authority issued certificate:
We received feedback from some end-users to suggest that this dialogue, which verified the publisher identity, but which also warned of unrestricted system access, made them unsure as to whether or not the application should be trusted, even if they recognized and trusted the publisher of the application.
From an application publisher perspective, there was no option in the AIR deployment process to package an application with an alternative level of system access, hence additional reassurance was often required, in the form of step-by-step install guides or FAQ documents published online, to reassure the end user that the application was OK to install.
With the release of AIR 1.5.2, the install dialogue for all newly installed applications (i.e. not just those that have been updated to work specifically with the new version), signed with a certificate-authority issued certificate, is as follows:
This simplified dialogue removes the specific warning about unrestricted access, but still (correctly) challenges the user to answer the question “Are you sure you want to install this application to your computer?”. Most end-users I’ve spoken with understand that “installing” something requires a certain level of trust and I think the revised dialogue is more in line with existing OS dialogues and more appropriate to the level of risk involved.
For application publishers it should remove some of the overhead that was required to support end-users during the installation process and remove a concern that might otherwise have put them off completing the installation.
It should be noted that there has been no change to the dialogue for self-signed applications – this dialogue, quite rightly, makes it clear to the end-user that there is increased risk associated with the installation of the application.
You can download the latest version of the AIR runtime from here.
Andrew Shorten's Blog 
A new release just for label rename? For sure I thought Adobe could bring more sustentable to sphere. For small developers like I that I don’t want to buy a certificate to put on my app just for dozen clients. or small of it for free usage. I think this politic of Adobe about AIR have to change and give more real results and controls for developers that willing to use the Adobe AIR.
When the AIR will nativily connection to make my own installer with multiplies steps. Not so good so far the installer. very poorly.
@Marcus – AIR 1.5.2 is a minor release that is focused on primarily addressing security issues and a few critical bugs. Rest assured — we are working on a major release right now as well. With regard to your concerns over the cost of certificates, I hear you. One point to note is that AIR applications are like other desktop applications. If you are deploying a native application, operating systems generally display a “safer” looking dialog when you sign your application from a certificate of authority (CA) like VeriSign. In that sense, AIR applications are following installation conventions that operating systems have already established around native applications. Since AIR applications can be signed with a self-signed certificate, it is still possible of course to deploy an application, but the end user experience is less welcoming.
If you upload an application to the AIR marketplace, there is a promotion taking place where you will be offered a coupon for a certificate at no cost.
Thanks,
-Rob
Product Manager, Adobe AIR
Hey Rob – thanks for replying here… I did send a reply to Marcus thinking that it would appear here also, but it appears that replies in WordPress are different to comments and it failed to show up. Bizarre, but I know for next time.
Cheers,
Andrew
Pingback: localToGlobal » Blog Archive » news review -> 32th week of 2009