For the second one (CA-signed certificates), I can say it is fairly unlikely we would want to accept something like that in to the platform; it is completely contrary to the open model of Android.
For the first, research on identifying conflation of permissions that are of interest to the user would certainly be interesting. For any one going down this road, keep in mind that the most important thing is how to present this kind of stuff to the user in a meaningful way. On Mon, Aug 3, 2009 at 6:43 AM, juanfe <[email protected]> wrote: > > Hi Luis, > > Take a look at these threads: > > > http://www.mail-archive.com/[email protected]/msg00193.html > > > http://www.mail-archive.com/[email protected]/msg00192.html > > Anyone who can come up with a good way of addressing this security > challenge operationally will be doing a lot of Android users a > significant favor. The Android team believes this is unnecessary to > address, so it's up to the community to come up with some way of > avoiding the impact of this (IMHO flawed) architecture. > > Regards, > > Juan Felipe > > On Aug 2, 2:08 pm, Luis <[email protected]> wrote: > > Hi all, > > > > I am looking to contribute to Android security and at the same time > > write my thesis. > > I have experience in C++ programming as well as other languages; and > > also in coporate security management. > > > > Any ideas of topics where I could help? > > > > Luis > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them.
