On 04/05/2012 03:06 PM, r3dRAND wrote:
> Does that imply that if an app requests a non-existent permission,
> say, "TELEPATHY_SEND_RCV", then it will be silently accepted. Then,
> if Android 6 supports that permission and the user upgrades the OS,
> the app would execute with that permission w/o any confirmation?

Yes, there's even a comment in the PackageManagerService class source where the author muses that this is possible, and notes that they should potentially do something about that at some point. I'm not sure whether that's better or worse than simply overlooking it completely. =)

Of course, this is the same security-critical class that has a 400 line constructor, which alone contains the word "hack" three times.

- moxie

--
http://www.thoughtcrime.org
_______________________________________________
Dailydave mailing list
[email protected]
https://lists.immunityinc.com/mailman/listinfo/dailydave
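
An added example, not part of the original thread and not Android's own code: a defender-side check that lists the permissions a decoded AndroidManifest.xml requests but that neither a known platform list nor the manifest itself defines, which is the condition discussed above. The abbreviated allowlist, the sample manifest (including the `android.permission.` prefix on the permission name from the question) and the function name are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: abbreviated allowlist for the example. In practice, build it
# from the platform manifest of the newest Android release you support.
KNOWN_PLATFORM_PERMISSIONS = {
    "android.permission.INTERNET",
    "android.permission.READ_CONTACTS",
    "android.permission.SEND_SMS",
}

# Constructed sample manifest (decoded text form, not binary AXML).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
    <permission android:name="com.example.sample.permission.SYNC"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="com.example.sample.permission.SYNC"/>
    <uses-permission android:name="android.permission.TELEPATHY_SEND_RCV"/>
    <uses-permission/>
</manifest>
"""


def undefined_permissions(manifest_xml, known=KNOWN_PLATFORM_PERMISSIONS):
    """Return requested permissions that nothing visible here defines."""
    root = ET.fromstring(manifest_xml.strip())
    # Permissions the app declares itself are defined, so not suspicious.
    declared = {el.get(ANDROID_NS + "name") for el in root.iter("permission")}
    findings = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if not name:
            continue  # malformed entry without a name; nothing to compare
        if name not in known and name not in declared:
            findings.add(name)
    return sorted(findings)


if __name__ == "__main__":
    for name in undefined_permissions(SAMPLE_MANIFEST):
        print("requested but undefined:", name)
```

A request flagged here is worth re-checking against each new platform release, since that is when an undefined name could start to mean something.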
