Hi Going by reading of some documents, watching videos etc. available on net, etc. I think android provides security by:
1) on lowest level (kernel), every process has it's own linux user Id and runs in an instance of DVM and separate from other stuff and thus sandboxed, so can't hurt other processes. my question: Is this sandboxing technique directly inherited from (or highly similar to) the Java Security Model, because Java protects the user from dangerous code by not letting any application cross it's boundaries, that approach is also called sandboxing? 2) in the upper layer, there are a set of permissions that an applications has (given to it on install). my question: can an app A (user doesn't trust much) be written that in presence of app B (user trusts this one), such that A could use Intents to make app B do some work and hence have an action performed without user's wish. e.g. there is a video recorder from the camera (app B), this is trusted by user. the app A (say merely a slideshow application but designed to fool) will say start a service that would raise an intent which would be handled by B and force it to start the cam recording and start storing on the SD card. Thanks & Regards Ashish On Aug 12, 2:12 pm, Ashish Srivastava <[email protected]> wrote: > Hi all > > I am a masters student at IIT Delhi. I want to work on Android > Security as a part of my Major Project (duration 8 to 10 months). > Please suggest me some reference materials and ideas. > > Thanks & Regards > Ashish
