GodsMoon wrote:
> But I don't see how you can argue that the API to turn the screen off
> is not ready for prime-time or that is a security risk.

IMHO, it is a security risk. There most certainly are applications where, if malware decided to turn off the screen (and keep it off through repeated calls), the user would be significantly impaired -- phone calls and navigation come to mind.

Heck, done right, they could even effectively force a hard reset. Just keep turning off the screen every few hundred milliseconds, and the user couldn't enter their lock code. Only way to deal with that would be a hard reset, or a pinch of luck (hope you can reboot, unlock the screen, and nuke the offending app before it gets BOOT_COMPLETED).

Now, that specific attack vector could be dealt with using DDoS-style defenses (e.g., an app can only ask to shut off the screen once per X period of time). But I don't think they have that defense in there now, and therefore I think it is premature to say it's ready for the SDK.

> I suppose you could agree that they aren't "secret" because it's an
> open source project and you can call them with reflection but this
> seems to go against the completely open principle he is talking about.

IMHO, you're attributing maliciousness for something that probably isn't the case.

In addition to the security, in addition to the fact that Android was built before there even was an SDK, etc., there's the teeny little issue of time.

APIs are not added to the SDK until the core Android team is committed to them. While there have been some deprecations, generally, the SDK has remained fairly stable from 0.9 onwards.

There is also a finite amount of engineering time. Time spent confirming that nobody anticipates a change in such-and-so API, adding it to the SDK, and running regression tests is time taken away from advancing the platform in other areas.

Hence, we see these sorts of under-the-SDK things promoted to the SDK in bits and pieces. You may consider that to be evil. I consider it to be sensible engineering in the face of limited staffing.

Whether or not it is "secret" lies in the eye of the beholder. My main problem with the quoted stuff was the claim that Gmail is on equal footing with other SDK apps. Since Gmail is proprietary, it is difficult to tell. But since the open source stock Android apps aren't written to the SDK (and, generally, predate the SDK), I'll be fairly surprised if Gmail is written to the SDK.

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://twitter.com/commonsguy
Android App Developer Books: http://commonsware.com/books
