Dnia 2013-09-21, o godz. 18:28:28 Dale Harvey <[email protected]> napisał(a):
> Requiring devs to have a pin code to enable debugging seems like more > than enough protection and for further measures it seems remote wipe > is far more useful than things that require us to wipe data (possible > the data we are trying to debug) before being able to debug it If by "pin code" you mean PIN on SIM card then it's not enough since all attacker has to do in order go steal your data is to use his own SIM card. I agree that wiping data first time we turn debugging on is not ideal since this makes it hard to "start being developer" after we used the phone for some time but remote wipe has it's downsides too. It does not protect from "evil maid" attacks and many people seems to be concerned about them. What is more important to me is that it may be too late when you realize that your phone was stolen (couple minutes are enough to copy all the data by attacker). Also, how should that remote wipe work? Over the Internet or there is some other way I'm not aware off? If it's the first one, then the first thing that attacker will do is to disconnect the phone from the Internet. And even if he doesn't, it's likely that stolen phone just won't have continues Internet connectivity enabled. I personally often turn Internet connection off to safe battery and I usually turn it off completely when going abroad because it's too expensive in roaming. _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
