On Sun, Jan 6, 2013 at 10:07 PM, mark gross <[email protected]> wrote:
> I wonder how google driver can know what PC I'm syncing from such that they
> can block it. That sounds like it may not be true that an admin of the
> drive folder can block syncing to a PC.

No, don't blacklist. Whitelist.

Whitelisting is probably useless though due to accidental and intentional name collisions. You probably need something with authentication and entitlements. Authentication would occur with public key.

Jeff

> (BTW even if you have a strong password you better also be using encrypted
> disks because I'll just pull the drive and slave it to a Linux or even
> windows box and mount it to extract all the data I like.)
>
> Also, google doesn't "own" the configuration or the binary load that goes on
> that stick device. From an IT security point of view it's yet another
> untrusted usb dongle. Who are you asking to fix what here? And how could
> it be enforced?
>
> You have an entire root of trust discussion you need to work through to get
> anywhere on this topic. AFAIK all those stick devices are basically rooted
> hacker toys. If you are worried about security I would not be using them
> anywhere with a real google account. Even if I compiled the code myself
> (because alone I can't test it enough to be confident WRT its security)
>
> This isn't something that can be fixed on the client side IMO.
>
> --mark
>
>
> On Sun, Jan 6, 2013 at 5:21 PM, chicken <[email protected]> wrote:
>>
>> Indeed you can extend this concern to laptops however two things.....
>> One is Google apps channel allows the administrator to stop local drive
>> sync to pc or mac. There is no ability to block android devices. This
>> is the reason why it's so troubling or put another way the reason
>> Google can justify not giving control to administrators over mobile
>> devices ability to sync drive. Two.. Most enterprises will have their
>> pcs including laptops joined to a ms server domain requiring the
>> windows device to have a complex password. Yes hackable but not easy/
>> fast.
>>
>> I've had someone more technical than me look at the stick software. He
>> thinks the issue is the configuration file has the lock screen
>> attribute set to '0'. My amateur solution to Google would be that the
>> device policy checks that the lock screen setting is set to 1
>> otherwise it will not allow any syncing.
>>
>> If Google can't do this then they need to give app administrators the
>> power to stop all devices (not just pc and mac) from syncing
>> drive.
>>
>> On Jan 6, 6:05 pm, mark gross <[email protected]> wrote:
>> > Well, you can extend this FUD storm to any hackable / unlocked device
>> > including laptops. What you are really asking for is a new type of
>> > google
>> > account that is only accessible from devices google or some configured
>> > CA
>> > like entity trusts. Not an unreasonable ask. Tricky to implement. Not
>> > just an Android problem.
>> >
>> > IMO this is a bigger discussion than just android. If I steal someone's
>> > personal laptop I can do the same things to the victim.
>> >
>> > However; for the android domain, perhaps a policy engine on the google
>> > back
>> > end that works with enterprise clients via widevine certs would be made
>> > to
>> > work.
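
The contrast drawn in the reply at the top of this message, between allowlisting devices by name and authenticating them with a public key plus entitlements, as an added Go example that is not part of the thread. The thread names no scheme: Ed25519, the device ID `dev-1`, the name `office-laptop` and the entitlement strings `drive.sync` and `drive.share` are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Device is one enrolled client; every value used below is constructed sample data.
type Device struct {
	Name         string
	Key          ed25519.PublicKey
	Entitlements map[string]bool
}

// AllowByName is the weak check: a self-reported name on the allowlist passes,
// so two devices sharing a name (by accident or on purpose) are indistinguishable.
func AllowByName(allow map[string]bool, claimedName string) bool {
	return allow[claimedName]
}

// Authorize verifies a signature over a fresh server nonce against the key
// enrolled for the device ID, then checks the entitlement for the action.
func Authorize(reg map[string]Device, id string, nonce, sig []byte, action string) bool {
	d, ok := reg[id]
	if !ok || !ed25519.Verify(d.Key, nonce, sig) {
		return false
	}
	return d.Entitlements[action]
}

// Demo runs four cases: a colliding name against the allowlist, a wrong key,
// the enrolled key for a granted action, the enrolled key for an ungranted one.
func Demo() (nameCollision, wrongKey, enrolledSync, enrolledShare bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	grants := map[string]bool{"drive.sync": true}
	reg := map[string]Device{"dev-1": {Name: "office-laptop", Key: pub, Entitlements: grants}}
	nonce := make([]byte, 32)
	rand.Read(nonce) // fresh per request so an old signature cannot be replayed
	nameCollision = AllowByName(map[string]bool{"office-laptop": true}, "office-laptop")
	wrongKey = Authorize(reg, "dev-1", nonce, ed25519.Sign(otherPriv, nonce), "drive.sync")
	enrolledSync = Authorize(reg, "dev-1", nonce, ed25519.Sign(priv, nonce), "drive.sync")
	enrolledShare = Authorize(reg, "dev-1", nonce, ed25519.Sign(priv, nonce), "drive.share")
	return
}

func main() {
	fmt.Println(Demo()) // true false true false
}
```

The private key is only as trustworthy as the device holding it, which is the root-of-trust question raised in the quoted text.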
