Let's take this discussion to android-platform and I'll show you why you're only scratching the surface and missing a critical aspect of the UID mechanism.
JBQ On Thu, Aug 13, 2009 at 6:22 AM, lbcoder<[email protected]> wrote: > > Of course not. Those uids stored on the sdcard can only affect the > programs on the sdcard itself. I.e., who cares if somebody changes the > uid of a program on the sdcard? It still won't coincide with an on- > device program. If you want to start dealing with global security > (which is right now managed by the manifest file of the program rather > than by a global security database), you can, of course, encrypt the > uid database. Which would be nice. I would certainly like the ability > to to tell a program NO, you CAN'T have access to my contact database > rather than doing it the hard way and hacking the manifest. > > >> On Aug 12, 5:03 pm, Fred Grott <[email protected]> wrote: >> would not storing uid range on sdcard itself be a security risk? > > > > -- Jean-Baptiste M. "JBQ" Queru Software Engineer, Android Open-Source Project, Google. Questions sent directly to me that have no reason for being private will likely get ignored or forwarded to a public forum with no further warning. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
