On Mon, Aug 19, 2013 at 12:50 PM, James <james.col...@gmail.com> wrote: > Hi, > I've written a proof of concept apk that manages to send data back to my > server without the apk having the INTERNET permission. > What is the correct way to disclose this vulnerability? Or is this already > known? https://code.google.com/p/android/issues/. I believe there's a "security" checkbox that keeps it private until AOSP decides upon disposition.
> Or is this already known? Now how are we supposed to be able to answer that without seeing the bug or POC :) Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-security-discuss+unsubscr...@googlegroups.com. To post to this group, send email to android-security-discuss@googlegroups.com. Visit this group at http://groups.google.com/group/android-security-discuss. For more options, visit https://groups.google.com/groups/opt_out.
