As Dianne says, the process is the security boundary. You could run the plugins in a Service process that had one ability: to talk to your main process over a Binder.
If I may shamelessly plug, I will: see my colleague Jesse Burns' paper on writing secure Android applications. It's at our site, https://www.isecpartners.com.

On Jan 14, 2010 2:12 AM, "Yuliy Pisetsky" <[email protected]> wrote:

I want the plugins to perform some calculations for me. So I want to call code inside them, and let them call some methods I define if they need to talk to the world, but otherwise don't want them having access to the UI, or being able to send intents to other apps (even things which would otherwise not have a permission associated with them). In other words, I trust them about as much as a web browser trusts the scripts on a web page.

On Wed, Jan 13, 2010 at 5:32 PM, Chris Palmer <[email protected]> wrote:
> What kind of attack ...
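
A sketch of the layout suggested in the reply above, added here as an example and not taken from the thread or from the paper it mentions: a plugin Service in its own process whose only interface is one Binder transaction. The package, class, descriptor and transaction names are hypothetical, `runPlugin` is a stand-in for the untrusted calculation, and `android:isolatedProcess` assumes API level 16 or later.

```java
// Added example; all names are hypothetical.
// Manifest entry for this service (the process attributes are the point):
//   <service android:name=".PluginService"
//            android:process=":plugin"
//            android:isolatedProcess="true"
//            android:exported="false" />
// android:process puts the plugin in its own process, isolatedProcess (API 16+)
// gives that process no permissions of its own, and exported="false" lets only
// this application bind to it.
package com.example.pluginhost;

import android.app.Service;
import android.content.Intent;
import android.os.Binder;
import android.os.IBinder;
import android.os.Parcel;
import android.os.RemoteException;

public class PluginService extends Service {
    static final String DESCRIPTOR = "com.example.pluginhost.IPlugin";
    static final int TRANSACTION_COMPUTE = IBinder.FIRST_CALL_TRANSACTION;
    static final int MAX_INPUTS = 4096; // bound what one call may carry

    private final Binder binder = new Binder() {
        @Override
        protected boolean onTransact(int code, Parcel data, Parcel reply, int flags)
                throws RemoteException {
            if (code != TRANSACTION_COMPUTE) {
                // Anything other than the single defined call goes to the default handler.
                return super.onTransact(code, data, reply, flags);
            }
            data.enforceInterface(DESCRIPTOR); // caller must send the matching token
            double[] inputs = data.createDoubleArray();
            if (inputs == null || inputs.length > MAX_INPUTS) {
                return false; // reject malformed or oversized requests
            }
            reply.writeNoException();
            reply.writeDouble(runPlugin(inputs));
            return true;
        }
    };

    // Stand-in for the untrusted plugin's calculation.
    static double runPlugin(double[] inputs) {
        double sum = 0;
        for (double v : inputs) sum += v;
        return sum;
    }

    @Override
    public IBinder onBind(Intent intent) {
        return binder; // the only channel between the plugin process and the host
    }
}
```

The host binds with `bindService`, writes the interface token and a double array, and should validate whatever comes back as untrusted input.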
