On Thu, Apr 3, 2014 at 4:41 AM, Guido Witmond <gu...@witmond.nl> wrote:
> On 04/03/14 01:31, Ryan Carboni wrote:
>> hackers will always take the path of least resistance as rational human
>> beings
>> you will see more trojans in the wild as a result of this
>
> Agreed, when passive spying is impossible, spies go for active attacks.
>
> Current operating systems (Windows, Linux, MacOS) are not designed to
> protect against trojan horses.
>
> Android does slightly better with its permission model. However, it
> forces people to think like programmers to decide whether a certain
> permission is needed for an app or not. Adding to the problem you mention.

Android is all-or-nothing perms/caps at install time. You can't
selectively turn off, for example, access to the network and address
book for the flashlight app. Gutmann pokes fun at the model in his
Engineering Security book.

Selective enable/disable of perms/caps was recently added to Android
via App Ops in 4.3. App Ops continued for a while in Android 4.4, but
was removed in Android 4.4.2. See "Google Removes Vital Privacy
Feature From Android, Claiming Its Release Was Accidental",
https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them.

Apple and Microsoft allow selective perms/caps at runtime.

Jeff
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
