The current version of Android is available to you. This is the same code that is shipping on the very most recent devices.
Did I ever say an IME can not be malicious? No I did not. In fact I have said multiple times now that an IME is intrinsically in a good spot to be malicious, so you as a user must trust one you are using, which is why the warning dialog is there. As far as what HTC has done -- *everyone* has shipped an Android device with a security hole, like any other platform. Whether they put the log in their IME or in the framework somewhere where it dispatches events, I don't see that this makes much of a difference. It's a security hole either way, which was found, reported, and relatively quickly fixed. On Wed, Jan 5, 2011 at 11:09 AM, Disconnect <[email protected]> wrote: > What does that your aspersion have to do with getting the actual current > dev tree instead of the old versions on the website? (And at the end of the > day, actually, none of it has anything to do with the original question, > which I think was answered: yes, an IME can be malicious, and HTC has even > shipped one that way. With, of course, no prompt to the user since it came > pre-installed.) > > > On Wed, Jan 5, 2011 at 1:57 PM, Dianne Hackborn <[email protected]>wrote: > >> On Wed, Jan 5, 2011 at 10:32 AM, Disconnect <[email protected]>wrote: >> >>> Great, where do I get access to the latest dev tree? >>> source.android.comseems to only carry old versions that are thrown over the >>> wall >>> occasionally.. >> >> >> I have personally been reviewing and approving a couple changes a day, in >> the core framework. There is nothing stopping you from contributing a patch >> except your own abilities. >> >> -- >> Dianne Hackborn >> Android framework engineer >> [email protected] >> >> Note: please don't send private questions to me, as I don't have time to >> provide private support, and so won't reply to such e-mails. All such >> questions should be posted on public forums, where I and others can see and >> answer them. >> >> > -- Dianne Hackborn Android framework engineer [email protected] Note: please don't send private questions to me, as I don't have time to provide private support, and so won't reply to such e-mails. All such questions should be posted on public forums, where I and others can see and answer them. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
