Hey Tauren, Actually you are making perfect sense I think.
I guess I was looking at it from the standpoint of something totally different,but I'm glad I asked it. :) So if I am understanding you correctly then the sdcard protects the phone from saving any files to the sdcard since the permissions are limited to read only? Thanks for clearing this up Tauren I guess I didn't look close enough at what it was really saying. On Aug 27, 10:31 am, Tauren <[email protected]> wrote: > I think you are thinking about this wrong, what this I believe is > directed to is that you have no permissions on necessarily on files on > an sdcard. So If I hook the phone up to the computer and I mount the > sdcard you no longer have access to the files because its mounted to > the computer. More so the security of the phone is not enforced upon > the files so you may not have permissions assigned to say a document > on an sdcard such that it is read only. When you mount a filesystem > on say an sdcard you end up with the permissions of the user that > mounted the files, thusly yourself. This is normal behavior unless > there is something I'm not picking up here from the wording. > > On Aug 27, 10:25 am, Eric Dorman <[email protected]> wrote: > > > > > Ok, um I'll try to cite it. > > > Maybe I have this completely wrong. > > > "External files can disappear if the user mounts the external storage > > on a computer or removes the media, and there's no security enforced > > upon files you save to the external storage. All applications can read > > and write files placed on the external storage and the user can remove > > them." > > > -Android Dev Docs > > > Say I hooked up my phone to the computer and I wanted to transfer some > > files like maybe a media file or something like that. > > > Not the best example I know,but I hope it gives you an idea of what I > > am thinking. > > > On Aug 27, 10:13 am, Tauren <[email protected]> wrote: > > > > I'm still a little confused by your wording. What do you define > > > external storage as? Can you cite this area of the dev docs? More > > > could you give a better example? > > > > On Aug 27, 10:03 am, Eric Dorman <[email protected]> wrote: > > > > > Hey Tauren, > > > > > It would be a attack from the computer to the phone in some sort of > > > > file transfer. > > > > > I guess what I am trying to say is what if a user connects the device > > > > into the computer and has files on the computer that he wants to > > > > transfer to the device via a USB Mass Storage? > > > > > I believe from the dev docs that it said external files can disappear > > > > if the user puts the external storage on the computer. > > > > > I hope I am not confusing anyone or asking a dumb question. > > > > > I am just curious. :D > > > > > On Aug 27, 9:40 am, Tauren <[email protected]> wrote: > > > > > > Is this an attach on the phone itself via the sdcard? or an attack on > > > > > the computer? For an attack on the computer to occur the software > > > > > often needs to be run, which from the sdcard shouldn't happen. As > > > > > for attacking the phone I'll leave that up to the experts but I > > > > > suspect that the phone won't just run stuff. If its a vulnerable > > > > > document of some sort like say a PDF then it comes down to the user > > > > > and knowing not to open things he shouldn't. > > > > > > On Aug 27, 9:21 am, Eric Dorman <[email protected]> wrote: > > > > > > > Hey guys, > > > > > > > I have recently been reading up on the External Storage > > > > > > Documentation > > > > > > and I have a question that I wanted to address before I made any > > > > > > assumptions. :D > > > > > > > If you can write files to lets say the SD Card then if the user > > > > > > connects his/her device into a computer then couldn't the External > > > > > > Storage be vulnerable to some kind of security attack on the files > > > > > > in > > > > > > the External Storage System that have been saved? > > > > > > > I am not sure if this would count as a vulnerability,but I thought > > > > > > I'd > > > > > > ask before I go and report it. :( -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
