When the result of an http request to a webserver is a file download and your server responds with the following headers:

Content-Disposition: attachment; filename=arple.apk
Content-Type: application/vnd.android.package-archive

the file is saved incorrectly as "download.apk".

If the Content-Disposition header has the filename as a quoted-string, like this:

Content-Disposition: attachment; filename="arple.apk"

then the file is saved correctly as "arple.apk".

This violates the relevant standards.

RFC 2183 which documents the "Content-Disposition header" says:
<snip>
   filename-parm := "filename" "=" value
<snip>
NOTE ON PARAMETER VALUE LENGTHS: A short (length <= 78 characters)
   parameter value containing only non-`tspecials' characters SHOULD be
   represented as a single `token'.  A short parameter value containing
   only ASCII characters, but including `tspecials' characters, SHOULD
   be represented as `quoted-string'.  Parameter values longer than 78
   characters, or which contain non-ASCII characters, MUST be encoded as
   specified in [RFC 2184].

   `Extension-token', `parameter', `tspecials' and `value' are defined
   according to [RFC 2045] (which references [RFC 822] in the definition
   of some of these tokens).  `quoted-string' and `DIGIT' are defined in
   [RFC 822].

The filename "arple.apk" is less than 78 characters in length and does NOT contain any "tspecials" as defined in RFC 2045 and RFC 822 and therefore, according to the specification, SHOULD be represented as a single `token'.

However, the current Android implementation requires that the filename be represented as `quoted-string'.

I haven't done extensive testing, but as far as I know this is a problem with all Android devices starting with G1. We've verified this on HTC Desire with Android 2.1.