On Wed, Dec 22, 2010 at 2:05 PM, BobMcCormick <[email protected]>wrote:
> Being "rootable" is not, in and of itself, a bad thing. The owner of > the device should have the right to assert control of the device, just > like with a PC or a laptop. > I'm not sure I entirely agree... One of the key principles of security, IMHO, is "consent". A system can only be considered secure if all parties involved consent to interact with each other. In the case of a phone, there are multiple parties involved. The main ones are: * The user or owner of the device * The application developer / content producer * The carrier (ignoring other parties like the government, employers, etc...) When a user "roots" their device using a security hole, they are bypassing the implicit consent granted by the other parties. This, IMHO, is a bad thing. For example, consider an Android application which handles confidential medical records. The application's developer is under a legal obligation to protect the information. If you root your device and install a backup program like Titanium Backup, you may be compromising that data by backing it up. In essence, you've taken away the right of the application developer to determine how their application handles their data. There's a role for legitimately unlocking devices. It's valuable and needed. But the unlocking needs to be done with everyone's full and complete consent. * Users should be able to choose what applications can be installed on their phones * Developers should be able to choose whether or not to run on a rooted phone. * Carriers should be able to effectively manage and control their network. IMHO. -- Nick -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
