I am a new developer in Android. I was trying to turn off the screen and
came across the hidden/private APIs in power manager. I agree with the
above post that it could be a security risk, but as a developer there are
certain things which you might want to do and it would be nice of Google to
make them open, maybe with some constraints.

Karthik.

On Tue, Apr 27, 2010 at 3:03 PM, Mark Murphy <[email protected]> wrote:

> GodsMoon wrote:
> > But I don't see how you can argue that the API to turn the screen off
> > is not ready for prime-time or that is a security risk.
>
> IMHO, it is a security risk. There most certainly are applications
> where, if malware decided to turn off the screen (and keep it off
> through repeated calls), the user would be significantly impaired --
> phone calls and navigation come to mind.
>
> Heck, done right, they could even effectively force a hard reset. Just
> keep turning off the screen every few hundred milliseconds, and the user
> couldn't enter their lock code. Only way to deal with that would be a
> hard reset, or a pinch of luck (hope you can reboot, unlock the screen,
> and nuke the offending app before it gets BOOT_COMPLETED).
>
> Now, that specific attack vector could be dealt with using DDoS-style
> defenses (e.g., an app can only ask to shut off the screen once per X
> period of time). But I don't think they have that defense in there now,
> and therefore I think it is premature to say it's ready for the SDK.
>
> > I suppose you could agree that they aren't "secret" because it's an
> > open source project and you can call them with reflection but this
> > seems to go against the completely open principle he is talking about.
>
> IMHO, you're attributing maliciousness for something that probably isn't
> the case. In addition to the security, in addition to the fact that
> Android was built before there even was an SDK, etc., there's the teeny
> little issue of time.
>
> APIs are not added to the SDK until the core Android team is committed
> to them. While there have been some deprecations, generally, the SDK has
> remained fairly stable from 0.9 onwards.
>
> There is also a finite amount of engineering time. Time spent confirming
> that nobody anticipates a change in such-and-so API, adding it to the
> SDK, and running regression tests is time taken away from advancing the
> platform in other areas.
>
> Hence, we see these sorts of under-the-SDK things promoted to the SDK in
> bits and pieces. You may consider that to be evil. I consider it to be
> sensible engineering in the face of limited staffing. Whether or not it
> is "secret" lies in the eye of the beholder.
>
> My main problem with the quoted stuff was the claim that Gmail is on
> equal footing with other SDK apps. Since Gmail is proprietary, it is
> difficult to tell. But since the open source stock Android apps aren't
> written to the SDK (and, generally, predate the SDK), I'll be fairly
> surprised if Gmail is written to the SDK.
>
> --
> Mark Murphy (a Commons Guy)
> http://commonsware.com | http://twitter.com/commonsguy
>
> Android App Developer Books: http://commonsware.com/books
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Discuss" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected]<android-discuss%[email protected]>
> .
> For more options, visit this group at
> http://groups.google.com/group/android-discuss?hl=en.
>
>


-- 
Karthik R
Graduate Student
Computer Science Department
UCLA
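
The throttling defense suggested in the quoted reply (an app may ask to shut off the screen only once per X period), modeled as an added example that is not part of the original thread or of Android. `ScreenOffThrottle`, keying the limit by app UID, and the 30-second value for X are assumptions chosen for illustration.

```python
class ScreenOffThrottle:
    """Hypothetical per-app gate: one granted screen-off per min_interval_ms."""

    def __init__(self, min_interval_ms):
        self.min_interval_ms = min_interval_ms
        self._last_granted = {}  # app UID -> time (ms) of its last granted request

    def request(self, uid, now_ms):
        """Return True if the screen-off request is granted, False if throttled."""
        last = self._last_granted.get(uid)
        if last is not None and now_ms - last < self.min_interval_ms:
            # Denied calls do not move the window, so a caller that keeps
            # asking is not locked out forever, only held to the rate.
            return False
        self._last_granted[uid] = now_ms
        return True


def simulate(throttle, uid, call_period_ms, duration_ms):
    """Replay one app asking every call_period_ms for duration_ms.

    Returns (granted, denied, shortest_gap_ms). The shortest gap between two
    granted requests is the uninterrupted screen-on time the user is
    guaranteed, e.g. to enter a lock code and remove the app.
    """
    granted_at, denied = [], 0
    for t in range(0, duration_ms, call_period_ms):
        if throttle.request(uid, t):
            granted_at.append(t)
        else:
            denied += 1
    gaps = [b - a for a, b in zip(granted_at, granted_at[1:])]
    return len(granted_at), denied, (min(gaps) if gaps else duration_ms)


if __name__ == "__main__":
    # Constructed scenario: one app (UID 10001) asks every 300 ms for two minutes.
    for x_ms in (0, 30_000):  # 0 = no throttle, 30 s = assumed value for X
        granted, denied, gap = simulate(ScreenOffThrottle(x_ms), 10001, 300, 120_000)
        print(f"X={x_ms} ms: granted={granted} denied={denied} "
              f"guaranteed usable window={gap} ms")
```
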
