I have a feeling I already know some of it hence the security question.. But will be glad to participate in the thread ..
Thanks for taking the time to shed some light on our questions Fred Grott http://mobilebytes.wordpess.com On Thu, Aug 13, 2009 at 8:31 AM, Jean-Baptiste Queru <[email protected]>wrote: > > Let's take this discussion to android-platform and I'll show you why > you're only scratching the surface and missing a critical aspect of > the UID mechanism. > > JBQ > > On Thu, Aug 13, 2009 at 6:22 AM, lbcoder<[email protected]> wrote: > > > > Of course not. Those uids stored on the sdcard can only affect the > > programs on the sdcard itself. I.e., who cares if somebody changes the > > uid of a program on the sdcard? It still won't coincide with an on- > > device program. If you want to start dealing with global security > > (which is right now managed by the manifest file of the program rather > > than by a global security database), you can, of course, encrypt the > > uid database. Which would be nice. I would certainly like the ability > > to to tell a program NO, you CAN'T have access to my contact database > > rather than doing it the hard way and hacking the manifest. > > > > > >> On Aug 12, 5:03 pm, Fred Grott <[email protected]> wrote: > >> would not storing uid range on sdcard itself be a security risk? > > > > > > > > > > > -- > Jean-Baptiste M. "JBQ" Queru > Software Engineer, Android Open-Source Project, Google. > > Questions sent directly to me that have no reason for being private > will likely get ignored or forwarded to a public forum with no further > warning. > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
