On Sun, Dec 4, 2011 at 5:17 PM, klewelling <klewell...@gmail.com> wrote:
> Getting back to the StumbleUpon-style service I believe a lot of the
> security issues can be reduced by limiting the permissions available
> to the dynamic applications. Split the app into two pieces, a UI APK
> and a host APK. They are signed with different certs so they are
> independent. The host APK has a limited set of permissions (no SMS,
> network, etc). The dynamic apps must route all network, sms, contact,
> etc requests to the UI apk. The UI apk then asks the user if the
> request is ok. Ignoring performance and usability issues and focusing
> on the security issue, does this sound secure?
I don't completely follow your description, sorry. You're using too
many terms ("the app", "host APK", "UI APK", "dynamic apps") that you
know how they relate, but I don't. Perhaps I'm just being thick.
--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy
Android Training...At Your Office: http://commonsware.com/training
--
You received this message because you are subscribed to the Google
Groups "Android Developers" group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
