I should have clarified that I meant you can't tell an application that uses your private data on your behalf (for example, a fancy phonebook that needs READ_CONTACTS) and does license verification from one that also steals your private information.
My real argument being that if an application has access to it, it can probably steal it without you knowing - any "leak detection" scheme I can think of is going to either false positive on all sorts of legitimate hard-to-crack licensing, or be easily circumvented with a little native-code obfuscation and encryption. On Dec 4, 1:44 pm, Mark Murphy <[email protected]> wrote: > On Sat, Dec 4, 2010 at 1:34 PM, Chris Stratton <[email protected]> wrote: > > I postulate that it is impossible to distinguish an application which > > does custom license verification against a server from one which > > steals private user data. > > > Agree or disagree? > > Disagree, though I suppose it depends on your definition of "private > user data". A solid LVL implementation should not need READ_CONTACTS, > for example. > > OTOH, if you define "private user data" as identifying information > (e.g., MAC, IMEI, IMSI), then, yes, that's pretty much a given. > > -- > Mark Murphy (a Commons > Guy)http://commonsware.com|http://github.com/commonsguyhttp://commonsware.com/blog|http://twitter.com/commonsguy > > _The Busy Coder's Guide to Android Development_ Version 3.3 Available! -- You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en.
