On Nov 12, 2013 9:04 AM, "Nicholas Weaver" <[email protected]> wrote: > >
> Overall, IMO, Android is only secure if you never install any applications. As soon as you install too many random applications (especially advertisement-sponsored applications) from the Google Play store, your phone should be assumed to be vulnerable to network-based attacks from any adversary who can see your traffic. I disagree. A rooted/jailbroken device is obviously a bomb waiting to go off, but the Android and iOS security models are both pretty good otherwise. The discussion of when to prompt is tricky. Arguably, prompt on first use penalizes good apps, because the bad guys ask for everything at install time... people rarely actually look at those prompts. There are points on the other side too, but it's not a slam dunk. > > iOS is much better in this respect, simply because without escalating to root (a jailbreak exploit), even a corrupted app can't do all that much, since apple provides a MUCH more limited API and privacy-sensitive items are prompt on first use. > > -- > Nicholas Weaver it is a tale, told by an idiot, > [email protected] full of sound and fury, > 510-666-2903 .signifying nothing > PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc > > > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass >
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
