On Sun, Dec 4, 2011 at 2:49 PM, klewelling <[email protected]> wrote:
> My take-away from your comments is that a fundamental risk is
> security. I understand you have some technical reservations but that
> is for me to worry about:)
I'm sure that CarrierIQ thinks the same thing. Surprisingly enough, I disagree with that opinion.

> You are of course correct that every APK
> executing in the host will have the same rights and abilities. Is your
> main concern that one or more of the APKs will take advantage of what
> is essentially privilege escalation? The risk of privilege escalation
> is obviously malware where an app sends SMS's and/or uploads private
> information. The challenge is to prevent or stop this kind of
> behavior. Is this analysis correct?

That's certainly a starting point on the security front. Bear in mind that it's not only things the apps do explicitly that might be a problem, but any security flaws in the apps you are hosting will be magnified by the vast array of permissions your host app will require.

There may be more issues than this -- I haven't exactly given this scenario tons of thought recently.

To echo Mr. Micinski's reply, I have no problem with more social tools for app discovery, so long as they do not introduce security and privacy issues. And there may be excellent uses of your APK-in-an-APK techniques for user+developer controlled circumstances (e.g., plugins for a main app).

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

Android Training...At Your Office: http://commonsware.com/training

