Thanks for the fast response. So one could, in theory, create an app that snatches up all of the apks on every phone that installs it? And send them all to my server?
And anything in those apks, from analytics account keys to ... whatever, I would have access to, including any side-loaded corporate apps, if someone were to have been a little sloppy with the strings, etc? Sorry in advance if I am "late to the party" on this... On Fri, Feb 4, 2011 at 10:53 AM, Dianne Hackborn <[email protected]>wrote: > An .apk is always world-readable, unless it is forward locked (which is now > deprecated), in which case there is still a world-readable file that is > constructed with only the app's resources. > > On Fri, Feb 4, 2011 at 10:12 AM, Jeff Enderwick > <[email protected]>wrote: > >> What is the official stance on apps being able to open/read the contents >> of the apk of a different (unrelated) app? >> >> "Sure, no problem, what could be wrong with that?" >> >> -OR- >> >> "Should not be possible, unless there is a bug or physical connection to >> the device" >> >> Implications of being side-loaded vs marketplace-loaded? >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]<android-security-discuss%[email protected]> >> . >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> > > > > -- > Dianne Hackborn > Android framework engineer > [email protected] > > Note: please don't send private questions to me, as I don't have time to > provide private support, and so won't reply to such e-mails. All such > questions should be posted on public forums, where I and others can see and > answer them. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
