At one point HTC's fancy keyboard logged everything to logcat with no hacking or "malicious" app needed..
(https://code.google.com/p/cyanogenmod/issues/detail?id=445 but the IME came from HTC) Even though users (and some devs) have adopted "click yes to make this work" security, I'd really love to see the "read logfiles" limited to that specific app and maybe a defined subset of system-wide messages (eg GC, memory kills, etc) instead of providing everything.. On Tue, Jan 4, 2011 at 11:02 PM, perumal316 <[email protected]> wrote: > Hi Dianne Hackborn, > > Ok. Meaning those custom keyboards available for installation to > Android can be potentially malicious? > > Regards, > Perumal > > On Jan 5, 11:18 am, Dianne Hackborn <[email protected]> wrote: > > Well we certainly wouldn't want it to be possible. You could of course > > write your own IME that when in use logs all the events being generated. > > > > > > > > > > > > On Tue, Jan 4, 2011 at 7:01 PM, perumal316 <[email protected]> wrote: > > > Hi All, > > > > > Even though there has been news of malicious Android applications, > > > these applications mostly steal personal information, location etc. > > > > > But there has not been any incidents of a keyboard logger in Android. > > > > > Is it because it is not possible in Android? > > > Inter Process Communication (IPC) offers some kind of protection? > > > > > Trying to understand the security model of Android but could not find > > > any lead on this subject. > > > > > Thanks and Regards, > > > Perumal > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "Android Security Discussions" group. > > > To post to this group, send email to > > > [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<android-security-discuss%[email protected]> > <android-security-discĀuss%[email protected]<uss%[email protected]> > > > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/android-security-discuss?hl=en. > > > > -- > > Dianne Hackborn > > Android framework engineer > > [email protected] > > > > Note: please don't send private questions to me, as I don't have time to > > provide private support, and so won't reply to such e-mails. All such > > questions should be posted on public forums, where I and others can see > and > > answer them.- Hide quoted text - > > > > - Show quoted text - > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
