Hi all Was wondering why is capturing key events (key press, key release etc..) from a background app considered a more serious security issue than capturing phone calls from background apps?
If you are going to make a phone call capturing app, then the installer notifies the end user of: "Phone calls - Intercept outgoing phone calls" and "Hardware control - record audio" Notice that it won't directly tell the user that the app will actually record outgoing AND incoming calls - only that it want's to record some kind of audio and it intercepts outgoing calls and does not tell anything regarding incoming calls. So it's possible for a malicious app to record ALL your phone calls without you noticing it (after installing the app). A malicious user can take your phone if you leave it unattended and install the app there and you have no idea that all your calls are being recorded and uploaded to the net for example. Why isn't the same logic applied to capturing key events? Some people have said that it would be a huge security risk if you would allow an app to do that (eg capturing usernames/passwords). Now why is this considered a bigger security risk than recording phone calls? The average user won't enter any of his/her usernames anyway on the G1after he has registered the phone with his g-account the first time the phone boots. The average user makes/receives phone calls, sends SMS or plays some games.. and once in a while browses some websites that do not require a log in. Recording phone calls allows an attacker to get n-times more sensitive/personal details about the user than recording usernames/passwords. I mean.. so what if an attacker gets a password for the average mailbox/forum - he will find only pictures of LOLcats, the occasional "Joe sent you an e-card" and huge amount of ... enlargement spam. Now imagine if an attacker gets access to all your phone calls... to me at least, this seems WAY scarier. I just want to understand the reasoning behind allowing recording and disallowing key events. It's a decision that I just can't understand :( (And no, I personally don't care if an app can/can't do any of the two things - they are not features that I need.. I'm just curious) Tauno --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
