These topics directly align with some of what I would call 'fear-mongering' with respect to malware on Android market (a recent SMobile "report" comes to mind).

http://igadgetlife.com/internet/press/smobile-systems-analysis-of-android-app-store-reveals-massive-potential-for-malware-and-viruses/
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=225701214

I have one question and a related suggestion on this topic.

First, my question: Is Google doing ANY policing of applications on Android Market? I have heard conflicting information on this topic.

Second, my suggestion: As part of the update notifications that normally get sent to a user's handset, Google could send a Malware notification so that users could remove them easily. Note this is in contrast to the more draconian measure of forcefully uninstalling apps from an end-user's phone.

In my opinion both a 'Malware notification' and a 'Draconian Force-Uninstall' could both be useful mechanisms for the Android Market ecosystem. Obvious malware could be removed out of hand by Google with little to no explanation. However, the Force-Uninstall method could be tied to a Market community policing effort. Note similar existing policing efforts represented by mywot.org, phishtank, etc...

On Sun, May 23, 2010 at 7:01 PM, davemac <[email protected]> wrote:
> Not only must the unethical app declare that it reads SMS messages,
> but it would require access to the Internet as well in order to talk
> to its server, which it would also have to declare. If an app seemed
> to legitimately require access to SMS, but also wanted access to the
> Internet, I'd really wonder about that.
>
> At the same time, non-technical users might never question these sorts
> of declarations and just go ahead and install unethical apps. There
> might need to be more helpful information presented to users for each
> permission being requested, so that non-technical users can understand
> what they might be getting into. As it stands now, the user must
> understand the ramifications of allowing permissions based on very
> little information.
>
> - dave
> http://www.androidbook.com
>
> On Apr 13, 9:15 pm, Dianne Hackborn <[email protected]> wrote:
> > On Mon, Apr 12, 2010 at 11:13 PM, Djidane41771 <[email protected]> wrote:
> > > some of my students ask me a question, and seems sticking to it.
> > > this is his questions :
> > > if really anyone can publish an app without google approval, so an
> > > unethical person can build an app to catch sms and send it to his server?
> >
> > The user will see when installing an app that it can access their SMS
> > messages, and there is no way for the application to get to them without
> > this being reported.
> >
> > --
> > Dianne Hackborn
> > Android framework engineer
> > [email protected]
> >
> > Note: please don't send private questions to me, as I don't have time to
> > provide private support, and so won't reply to such e-mails. All such
> > questions should be posted on public forums, where I and others can see and
> > answer them.
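
The permission-combination check discussed in this thread (an app that declares SMS access together with Internet access) can be automated by a reviewer. The following is an added example, not code from any poster in the thread or from Android itself; it assumes the manifest has already been decoded to plain-text XML, and the sample manifests, package names and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
INTERNET = "android.permission.INTERNET"

def _manifest(package, *perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

SAMPLE_SMS_AND_NET = _manifest("com.example.smsbackup",
                               "android.permission.RECEIVE_SMS", INTERNET)
SAMPLE_SMS_ONLY = _manifest("com.example.smsviewer", "android.permission.READ_SMS")
SAMPLE_NET_ONLY = _manifest("com.example.weather", INTERNET)

def declared_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    # For manifests from untrusted sources, parse with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name") for el in root.iter("uses-permission"))
    return {n for n in names if n}

def review_manifest(manifest_xml):
    """Return (severity, plain-language message) findings for a manifest."""
    perms = declared_permissions(manifest_xml)
    sms = sorted(perms & SMS_READ)
    if not sms:
        return []
    short = ", ".join(p.rsplit(".", 1)[-1] for p in sms)
    if INTERNET in perms:
        return [("HIGH", f"Declares {short} and INTERNET: the app can read your "
                         "text messages and send data to a remote server.")]
    return [("INFO", f"Declares {short} without INTERNET: the app can read your "
                     "text messages but declares no network access.")]

if __name__ == "__main__":
    for sample in (SAMPLE_SMS_AND_NET, SAMPLE_SMS_ONLY, SAMPLE_NET_ONLY):
        print(review_manifest(sample) or "no SMS-related findings")
```

The messages are worded for non-technical users, in the spirit of the suggestion above that each requested permission come with more helpful information.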
