On Dec 4, 4:26 pm, guillaume benats <[email protected]> wrote:
> Yes, I agree, but my point is not to complete all the weaknesses of Android
> in terms of privacy. I have made with some colleagues a dependency-aware
> privacy management model for mobile applications. And I'd like to focus on
> those dependencies so I'd like to use that kind of tool to make some
> observations, not to build anything.

The problem is that those tools are not able to show you dependencies that someone is going to any real effort to hide. I spent some time looking at TaintDroid earlier today, and it appears it has no ability to handle native code. It has some pre-solved concept of what the platform libs do in terms of taint propagation, but can't monitor native code shipped in applications - which turns out to be a not-very-complicated way to intercept and modify the VM's communication with Binder.

Also, a run-time analysis tool can only show you dependencies that have occurred during testing, not all that could in other conditions. If something of potential concern doesn't happen until the app has been installed for a while, or doesn't happen if the md5sum of some system file is not as expected (remember TaintDroid is a modified Android platform), it may never detect the possibility that it could occur.
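
An added example, not part of the original message: a static triage check that reports whether an APK ships native code, which is where the reply says a Dalvik-level taint tracker stops seeing data flow. The function name, report keys and sample APK contents are constructed for illustration, and the `loadLibrary` byte search in the dex file is a heuristic.

```python
import io
import zipfile

ELF_MAGIC = b"\x7fELF"

def native_code_report(apk_bytes):
    """List ELF objects and dex-level native-loading hints found in an APK."""
    report = {"libs": {}, "stray_elf": [], "dex_loaders": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            if name.endswith("/"):
                continue  # directory entry, no content
            data = apk.read(name)
            parts = name.split("/")
            if data[:4] == ELF_MAGIC:
                if len(parts) == 3 and parts[0] == "lib":
                    # Standard location: lib/<abi>/<name>.so
                    report["libs"].setdefault(parts[1], []).append(parts[2])
                else:
                    # ELF object outside lib/, e.g. under assets/ or res/raw/
                    report["stray_elf"].append(name)
            elif name.endswith(".dex") and b"loadLibrary" in data:
                # Heuristic: method name appears in the dex string data
                report["dex_loaders"].append(name)
    # Any shipped ELF means run-time taint results cover only part of the app
    report["taint_blind_spot"] = bool(report["libs"] or report["stray_elf"])
    return report

def build_sample_apk():
    """Constructed sample input: a minimal zip laid out like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 8 + b"loadLibrary\x00")
        z.writestr("lib/armeabi/libsample.so", ELF_MAGIC + b"\x01\x01\x01" + b"\x00" * 9)
        z.writestr("assets/data.bin", ELF_MAGIC + b"\x00" * 12)
        z.writestr("res/raw/readme.txt", b"plain text")
    return buf.getvalue()

if __name__ == "__main__":
    print(native_code_report(build_sample_apk()))
```

Because this inspects the package rather than a running app, the result does not depend on which code paths happened to execute during testing; it does not see code fetched after installation.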

