Or "yes"? For an application that is concerned about this, is there any way for such an app to disallow 3rd party IMEs?
Counting on the user to read the permissions, then synthesize and analyze all possible threat models during the course of an app install is unrealistic. Counting on that user behavior in the context of an app where an employer cares about data security is a non-starter. Thanks. On Tue, Jan 4, 2011 at 8:23 PM, Dianne Hackborn <[email protected]> wrote: > On Tue, Jan 4, 2011 at 8:02 PM, perumal316 <[email protected]> wrote: > >> Ok. Meaning those custom keyboards available for installation to >> Android can be potentially malicious? >> > > Well everything in the world can potentially be malicious. You'll need to > specify more fine-grained what you mean. If you mean that an IME you > install, enable, and select, which also has a way to get internet access > (such as through the internet permission), can log everything you are typing > and upload it to the internet... then sure. That's explicitly what it is > allowed to do. > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
