On Aug 13, 2:48 am, Chris Palmer <[email protected]> wrote:
> As always, I don't speak for my employer or any of my employer's clients.
>
> On Mon, Aug 3, 2009 at 6:43 AM, juanfe<[email protected]> wrote:
> >http://www.mail-archive.com/[email protected]...
>
> Have you tried this scenario recently, with Cupcake or the latest SDK?
>
> >http://www.mail-archive.com/[email protected]...
>
> http://developer.android.com/guide/topics/security/security.html
>
> Android's API safety comes primarily from the Permission system and
> from the user's informed decision to install a given application.
> Certificates cryptographically link Permissions to sources of code and
> optionally to a Linux UID. In any case, CAs do not provide any measure
> of trustworthiness. CAs were supposed to help people link online
> identities with real-world identities, which is a distinct thing.
>
> People seem to want to trust a central authority. That baffles me,
> given the performance of global, public CAs so far. (Google for "md5
> considered harmful today" or "moxie marlinspike", or try to buy a
> certificate with the CN "email" and think about how bad it is that you
> were able to.) As security engineers we are trying to reduce the
> number of entities we have to trust, and the degree to which we have
> to trust them. Android's design helps users do both.
>
> Android's security design is very different from that of PC operating
> systems. The user interface tells the user what they need to know to
> decide if they want to trust the application with the stated
> Permissions. This design allows Android users to put a smaller amount
> of trust in their applications; by contrast, PC operating systems
> typically require users to fully trust their applications.
>
> Therefore trustworthiness is arguably less of an issue, since users
> place less trust in Android applications.
I want to learn more about the security architecture of Android (both
h/w and s/w). Where can I find such info?
PS. Telling the user what they need to know (to decide
if they want to trust the application with the stated Permissions)
does not guarantee trustworthiness. It could be that there
is malware inserted between the platform and the app. I think only
when Android is deployed at the scale of Windows (and is deployed for
high-value transactions) will we hear about attacks and hear about
flaws. Has the Android team looked at Intel's TXT technology and
related h/w security from BRCM?
Thanks.
/thomas/
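To illustrate the point in Chris Palmer's reply that certificates link Permissions to a source of code and optionally to a Linux UID: the manifest fragment below is an added example, not part of the original thread, using made-up package and permission names. A permission with protectionLevel="signature" is only granted to apps signed with the same certificate as the app that declares it, and android:sharedUserId lets two apps signed with the same certificate share one Linux UID.

```xml
<!-- Added example (constructed names): app A declares a signature-level permission -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendor.provider"
          android:sharedUserId="com.example.vendor.shared">

    <!-- Only apps signed with the SAME certificate as this app can hold it -->
    <permission android:name="com.example.vendor.permission.INTERNAL_API"
                android:protectionLevel="signature" />

    <application>
        <!-- Component guarded by the signature-level permission -->
        <service android:name=".InternalService"
                 android:exported="true"
                 android:permission="com.example.vendor.permission.INTERNAL_API" />
    </application>
</manifest>

<!-- App B: granted the permission only if its signing certificate matches app A's;
     with the same sharedUserId it also runs under app A's Linux UID -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendor.client"
          android:sharedUserId="com.example.vendor.shared">

    <uses-permission android:name="com.example.vendor.permission.INTERNAL_API" />

    <application />
</manifest>
```

The check is the signing certificate itself, not who issued it, which is why no CA is involved in the trust decision.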