On Tue, Jun 24, 2014, at 18:06, Hans-Christoph Steiner wrote:
> I have the first working version of the TrustedIntents library.

Very cool!

Your "trusted chooser" will be important. I would expect as much, if not more, malware to be packaged under package names different than their original ones. Users don't see package names, after all. So, if a user has installed a hacked Twitter client, it's important that they *don't* see that client come up in the trusted chooser, both to avoid using it and to start wondering "hey, why isn't my Twitter client showing up?". While the trusted chooser might not be warning them that they installed a hacked Twitter client, since it is under some other package name, the user at least gets a bit of a clue that something is amiss.

I was doing some brainstorming recently in an adjacent space: crowdsourcing some herd immunity against hacked apps. While I haven't come up with a workable plan yet, one idea that I had might be relevant to you. For developers that actually follow the guidance of using reverse domain names as the basis for package names, we could adopt an SPF-type system, where the SHA-256 hash of the signing key is available as a DNS entry for the corresponding domain name. So, for example, if I published com.commonsware.this.app.is.cool as an app, a specially-crafted TXT entry for cool.is.app.this.commonsware.com would contain the signing key hash for that app.

This would give us a means of validating the installed app's signature beyond whatever known good hashes are baked into the library or app. It's not as strong as I'd like, insofar as an Android app package name is not as tightly tied to a domain name as is a Web site. But, it might be a useful lookup as part of helping the user confirm whether the app is OK.

Anyway, just a thought. Also, bear in mind that I am not a security expert, so take this idea with a fairly large grain of salt.

--
Mark Murphy (a Commons Guy)
http://commonsware.com | http://github.com/commonsguy
http://commonsware.com/blog | http://twitter.com/commonsguy

_The Busy Coder's Guide to Android Development_ Version 5.8: 2,700 Pages Strong!

_______________________________________________
Guardian-dev mailing list
List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
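
The DNS lookup proposed in the message above, sketched as an added example that is not part of the original email or of the TrustedIntents library. The `v=apksig1; sha256=...` record format, hashing the signing certificate bytes, and all function names are assumptions made for illustration; the TXT strings are passed in by the caller so the code runs offline.

```python
import hashlib
import hmac
import re

# Assumed record format (not from the email): "v=apksig1; sha256=<64 hex chars>"
RECORD_RE = re.compile(r"v=apksig1;\s*sha256=([0-9a-fA-F]{64})")
# One DNS hostname label: letters, digits, inner hyphens, at most 63 characters.
LABEL_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


def dns_name_for_package(package_name):
    """Reverse an Android package name into the DNS name to query.

    Returns None when the package cannot be mapped, e.g. a segment contains
    an underscore, which is legal in a package name but not in a hostname.
    """
    labels = package_name.lower().split(".")  # DNS names are case-insensitive
    if len(labels) < 2 or not all(LABEL_RE.fullmatch(l) for l in labels):
        return None
    return ".".join(reversed(labels))


def pinned_hashes(txt_records):
    """Extract SHA-256 pins from TXT strings, skipping unrelated records."""
    pins = []
    for record in txt_records:
        match = RECORD_RE.fullmatch(record.strip())
        if match:
            pins.append(match.group(1).lower())
    return pins


def signer_matches_dns(signing_cert_bytes, txt_records):
    """True if the SHA-256 of the installed app's signing cert is published."""
    actual = hashlib.sha256(signing_cert_bytes).hexdigest()
    return any(hmac.compare_digest(actual, pin)
               for pin in pinned_hashes(txt_records))


# Constructed sample data: a stand-in certificate and the TXT answers for it.
CERT = b"constructed-signing-certificate-bytes"
TXT = ["v=spf1 -all", "v=apksig1; sha256=" + hashlib.sha256(CERT).hexdigest()]
```

Because the TXT strings are supplied by the caller, a match is only as trustworthy as the resolver path that fetched them, and a `None` from `dns_name_for_package` means the app simply cannot be checked this way.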
