Well I should say that the user should fundamentally feel like they trust the IME, as the dialog says. Especially given how much control an IME has (able to send arbitrary events throughout the UI), if someone wanted to be malicious they could most likely figure out a way to get data off the device.
On Tue, Jan 4, 2011 at 10:10 PM, perumal316 <[email protected]> wrote: > Hi Dianne Hackborn, > > Yes, in Android phones if an installed IME is chosen there is a > security prompt displaying "The input method may be able to collect > all the text you type,....." > > I guess then it is up to user to look at the permissions during > installation and be sure of what he/she is installing. > > Regards, > Perumal > > On Jan 5, 12:23 pm, Dianne Hackborn <[email protected]> wrote: > > On Tue, Jan 4, 2011 at 8:02 PM, perumal316 <[email protected]> wrote: > > > Ok. Meaning those custom keyboards available for installation to > > > Android can be potentially malicious? > > > > Well everything in the world can potentially be malicious. You'll need > to > > specify more fine-grained what you mean. If you mean that an IME you > > install, enable, and select, which also has a way to get internet access > > (such as through the internet permission), can log everything you are > typing > > and upload it to the internet... then sure. That's explicitly what it > is > > allowed to do. > > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can see > and > > answer them. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
