On Jan 26, 3:09 pm, Disconnect <[email protected]> wrote: > I would say it makes progress in two ways - it allows me to say "I don't > want to permit this" and make it stick, and it allows the developer to > codify that negotiation/trust level by saying "I am an ad-supported app and > you must allow this to work" verses "This is an optional feature and not > enabling it is fine."
Is it the proper role of the operating system to engage in enforcing dubious shrink-wrap clauses? > It also solves policy issues like "An app cannot have both my personally > valuable info and internet access" (whatever that info is to me as an > end-user, whether it is phone number or location or sd card access..) This hints at an often repeated, but quite dangerously mistaken security fallacy. If an application has access to personal data, it can probably succeed in leaking it, with the assistance of another 3rd party application or even the unwitting assistance of a built-in app. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
