On Sun, Dec 4, 2011 at 5:17 PM, klewelling <klewell...@gmail.com> wrote: > Getting back to the StumbleUpon-style service I believe a lot of the > security issues can be reduced by limiting the permissions available > to the dynamic applications. Split the app into two pieces, a UI APK > and a host APK. They are signed with different certs so they are > independent. The host APK has a limited set of permissions (no SMS, > network, etc). The dynamic apps must route all network, sms, contact, > etc requests to the UI apk. The UI apk then asks the user if the > request is ok. Ignoring performance and usability issues and focusing > on the security issue, does this sound secure?
I don't completely follow your description, sorry. You're using too many terms ("the app", "host APK", "UI APK", "dynamic apps") that you know how they relate, but I don't. Perhaps I'm just being thick. -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy Android Training...At Your Office: http://commonsware.com/training -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en