On Dec 4, 2:18 pm, Mark Murphy <[email protected]> wrote:
> On Sun, Dec 4, 2011 at 2:49 PM, klewelling <[email protected]> wrote:
> > My take-away from your comments is that a fundamental risk is
> > security. I understand you have some technical reservations but that
> > is for me to worry about:)
>
> I'm sure that CarrierIQ thinks the same thing.
>
> Surprisingly enough, I disagree with that opinion.

Ouch! I don't think I made my point clear. By saying you had technical reservations I wasn't referring to the security; I was referring to the application virtualization, which you said "Only by writing custom firmware, AFAIK.". Your security concerns are very valid. Sorry for the confusion.

>
> > You are of course correct that every APK
> > executing in the host will have the same rights and abilities. Is your
> > main concern that one or more of the APKs will take advantage of what
> > is essentially privilege escalation? The risk of privilege escalation
> > is obviously malware where an app sends SMS's and/or uploads private
> > information. The challenge is to prevent or stop this kind of
> > behavior. Is this analysis correct?
>
> That's certainly a starting point on the security front. Bear in mind
> that it's not only things the apps do explicitly that might be a
> problem, but any security flaws in the apps you are hosting will be
> magnified by the vast array of permissions your host app will require.
> There may be more issues than this -- I haven't exactly given this
> scenario tons of thought recently.
>
> To echo Mr. Micinski's reply, I have no problem with more social tools
> for app discovery, so long as they do not introduce security and
> privacy issues. And there may be excellent uses of your APK-in-an-APK
> techniques for user+developer controlled circumstances (e.g., plugins
> for a main app).
>

What do you think about treating your entire app as a plugin so you can perform true A/B testing? For example, I have an idea for a new feature or layout design and I want to see how people react. I make the changes to my app and then distribute the new app to a small percent of users. You can do this on an opt-in basis. Then use analytics to determine if users like the change or not. If they do like it, update the apk to the market to be distributed to everyone.
You can take this even further and take over distribution completely and even do continuous deployment. I think this could work well in a corporate environment.

