On Fri, Aug 27, 2010 at 2:43 PM, Tauren <[email protected]> wrote: > That said on the flipside you could also see what kind of permissions > are allowed to the specific application. Most of the vulnerabilities > today tend to occur in applications that users give more permissions > to than they should. As evidenced by applications such as wallpapers > sending out phone information, or applications drawing gps addresses > etc. >
Yes the number of permissions applications request and what they do with them is extremely important. But note that at this point we are already many steps ahead of the traditional desktop, where you wouldn't think about this, because this level of information and control doesn't exist. (I would also make the argument that the permission model is ahead of most curation models as well, since in practice it is not possible to find many kinds of security issues through review, especially without source code. Consider for example an app that seems to be fine but 2 months later, after it has gotten through the review, starts collecting your personal data and sending it to server.) -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
