Mark,

The thing that sticks out in my mind is the copy protection API that Market uses. Market isn't part of the core OS, yet third party apps don't have access to the copy protection used by Market, which means any app installed outside of Market can't use it (e.g. apps installed via AndAppStore).

Lots of things which are security risks are handled via the install apps permissions screen (e.g. allowing apps to send data out to and get data from any server on the internet), so couldn't the other APIs which present similar risks be handled in the same way?

As for handling the BOOT_COMPLETE situation, I've always felt Android should have a last-resort safe mode, because, as has already been shown, an Android 'phone could become part of a bot-net using BOOT_COMPLETE & the internet permission, so the ability to boot the 'phone in a manner that doesn't start any non-firmware apps would be useful.

Al.

--
* Looking for Android Apps? - Try http://andappstore.com/ *

======
Funky Android Limited is registered in England & Wales with the company number 6741909.

The views expressed in this email are those of the author and not necessarily those of Funky Android Limited, its associates, or its subsidiaries.

On 27 Apr 2010, at 23:03, Mark Murphy wrote:

> GodsMoon wrote:
>> But I don't see how you can argue that the API to turn the screen off
>> is not ready for prime-time or that is a security risk.
>
> IMHO, it is a security risk. There most certainly are applications
> where, if malware decided to turn off the screen (and keep it off
> through repeated calls), the user would be significantly impaired --
> phone calls and navigation come to mind.
>
> Heck, done right, they could even effectively force a hard reset. Just
> keep turning off the screen every few hundred milliseconds, and the user
> couldn't enter their lock code. Only way to deal with that would be a
> hard reset, or a pinch of luck (hope you can reboot, unlock the screen,
> and nuke the offending app before it gets BOOT_COMPLETED).
>
> Now, that specific attack vector could be dealt with using DDoS-style
> defenses (e.g., an app can only ask to shut off the screen once per X
> period of time). But I don't think they have that defense in there now,
> and therefore I think it is premature to say it's ready for the SDK.
>
>> I suppose you could agree that they aren't "secret" because it's an
>> open source project and you can call them with reflection but this
>> seems to go against the completely open principle he is talking about.
>
> IMHO, you're attributing maliciousness for something that probably isn't
> the case. In addition to the security, in addition to the fact that
> Android was built before there even was an SDK, etc., there's the teeny
> little issue of time.
>
> APIs are not added to the SDK until the core Android team is committed
> to them. While there have been some deprecations, generally, the SDK has
> remained fairly stable from 0.9 onwards.
>
> There is also a finite amount of engineering time. Time spent confirming
> that nobody anticipates a change in such-and-so API, adding it to the
> SDK, and running regression tests is time taken away from advancing the
> platform in other areas.
>
> Hence, we see these sorts of under-the-SDK things promoted to the SDK in
> bits and pieces. You may consider that to be evil. I consider it to be
> sensible engineering in the face of limited staffing. Whether or not it
> is "secret" lies in the eye of the beholder.
>
> My main problem with the quoted stuff was the claim that Gmail is on
> equal footing with other SDK apps. Since Gmail is proprietary, it is
> difficult to tell. But since the open source stock Android apps aren't
> written to the SDK (and, generally, predate the SDK), I'll be fairly
> surprised if Gmail is written to the SDK.
>
> --
> Mark Murphy (a Commons Guy)
> http://commonsware.com | http://twitter.com/commonsguy
>
> Android App Developer Books: http://commonsware.com/books
>
> --
> You received this message because you are subscribed to the Google Groups
> "Android Discuss" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/android-discuss?hl=en.
