Re: Fw: [android-developers] Re: Android and bluetooth
On Tue, Jan 6, 2009 at 8:44 PM, Qwavel qwa...@gmail.com wrote: Hi Dianne, Thanks for your response. I'd like to address some of your points. users should not worry about the apps they install doing unexpected harmful things I believe that limiting the functionality of the phone/API enough to achieve complete safety for any application would be very difficult. If it is even possible, then I think it would result in a neutered platform. So why not require digital signatures or user approval for risky application behaviors instead of removing the functionality in question? That's exactly how our platform works. The user has to OK the permissions an application requires at install time. Unpaired communication would definitely be a strongly worded permission, as suggested earlier on this thread. But even then, for better or worse, a lot of users don't pay a lot of attention to these permissions. So we _still_ need to think very carefully about the security implications of the functionality we are going to expose. Getting the balance of functionality vs security right is not simple, as Dianne was explaining. the security side is just as critical but a lot more subtle ... just saying that platform X does it so it is okay to do it on Android as well is not enough. I don't deny the importance and subtly of the security issue. That is why I thought it was important to note what the rest of the industry has done. Companies like Nokia share the concerns of Google about developing a healthy application ecosystem but they have gone much further then I am suggesting and made this bluetooth functionality wide open - I think this observation is very relevant. There is a huge amount of empirical data for you to draw upon now: hundreds of millions of phones, from all brands except RIM and Apple, that allow applications the functionality in question. No other mobile phone operating system allows casual users to so easily download and install untrusted, third party applications. And the ones that come close prevent Bluetooth applications from communicating with unpaired devices. This isn't helping your argument one bit :) In any case, 'the rest of the industry does it this way' is not the right discussion, and isn't going to get you anywhere. We can do better. Tom. On Jan 6, 10:26 pm, Dianne Hackborn hack...@android.com wrote: I think you are being overly dismissive of the security repercussions. One of our goals with Android is to create an open and thriving third party application market. Two cornerstones of doing this is that it should be dead easy for a user to find and install an application, and users should not worry about the apps they install doing unexpected harmful things. The former is a fairly clear goal, but the security side is just as critical but a lot more subtle -- each little piece you take out of the security picture is a growing, long-term detriment to the user's trust. From the very start, our approach with Android security has been as conservative as possible: if there is an application feature that seems dangerous, we'll try to either take the time needed to think about and address of its repercussions, or wait on making it available. The same approach needs to be taken here, everything thought through before making it available. This sounds like it requires enough thought that it probably doesn't make sense to have in a 1.0 API (though Nick would know better than I). At any rate, just saying that platform X does it so it is okay to do it on Android as well is not enough. PalmOS lets apps patch the core OS to insert their tendrils into everything it does; should that also be allowed on Android? I wouldn't think so. That isn't to say a feature shouldn't be there, but it should be done with thought and consideration to all of the repercussions it has. On Sun, Dec 21, 2008 at 10:01 PM, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about the bluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware, Bluetooth data connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limits bluetooth is the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of
Re: Fw: [android-developers] Re: Android and bluetooth
Hi all, Which group should I put the messages about *cupcake* bluetooth into? Any idea? thanks, husheng Qwavel wrote: Is there any update on this? Specifically, have decisions been made about whether to limit bluetooth comm to paired devices - as discussed below? Thanks, Tom. On Dec 22 2008, 1:01 am, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about thebluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware,Bluetoothdata connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limitsbluetoothis the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe thatbluetoothcommunication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to preventBluetoothdata connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
On Jan 7, 3:20 am, Nick Pelly npe...@google.com wrote: On Tue, Jan 6, 2009 at 8:44 PM, Qwavel qwa...@gmail.com wrote: Hi Dianne, Thanks for your response. I'd like to address some of your points. users should not worry about the apps they install doing unexpected harmful things I believe that limiting the functionality of the phone/API enough to achieve complete safety for any application would be very difficult. If it is even possible, then I think it would result in a neutered platform. So why not require digital signatures or user approval for risky application behaviors instead of removing the functionality in question? That's exactly how our platform works. The user has to OK the permissions an application requires at install time. Unpaired communication would definitely be a strongly worded permission, as suggested earlier on this thread. But even then, for better or worse, a lot of users don't pay a lot of attention to these permissions. So we _still_ need to think very carefully about the security implications of the functionality we are going to expose. Getting the balance of functionality vs security right is not simple, as Dianne was explaining. the security side is just as critical but a lot more subtle ... just saying that platform X does it so it is okay to do it on Android as well is not enough. I don't deny the importance and subtly of the security issue. That is why I thought it was important to note what the rest of the industry has done. Companies like Nokia share the concerns of Google about developing a healthy application ecosystem but they have gone much further then I am suggesting and made this bluetooth functionality wide open - I think this observation is very relevant. There is a huge amount of empirical data for you to draw upon now: hundreds of millions of phones, from all brands except RIM and Apple, that allow applications the functionality in question. No other mobile phone operating system allows casual users to so easily download and install untrusted, third party applications. And the ones that come close prevent Bluetooth applications from communicating with unpaired devices. This isn't helping your argument one bit :) Now I'm confused. My system provides browsing over bluetooth with the ability for phones to 'roam' across a mesh of bluetooth access points. Most European phones can do this. I have tested many phones from all the manufacturers. As for ease of installation, on most of these phones I can even distribute my software (or any untrusted, third party applications) via bluetooth. This is very simple and requires no pairing. I have not tried this on Android, but I don't see how Android could make it simpler. Most phones require network access permission for the browsing but that is no problem. The only brands that are incapable of this are the blackberry's (because they require pairing) and the iPhone (which has very limited bluetooth capability). Tom. In any case, 'the rest of the industry does it this way' is not the right discussion, and isn't going to get you anywhere. We can do better. Tom. On Jan 6, 10:26 pm, Dianne Hackborn hack...@android.com wrote: I think you are being overly dismissive of the security repercussions. One of our goals with Android is to create an open and thriving third party application market. Two cornerstones of doing this is that it should be dead easy for a user to find and install an application, and users should not worry about the apps they install doing unexpected harmful things. The former is a fairly clear goal, but the security side is just as critical but a lot more subtle -- each little piece you take out of the security picture is a growing, long-term detriment to the user's trust. From the very start, our approach with Android security has been as conservative as possible: if there is an application feature that seems dangerous, we'll try to either take the time needed to think about and address of its repercussions, or wait on making it available. The same approach needs to be taken here, everything thought through before making it available. This sounds like it requires enough thought that it probably doesn't make sense to have in a 1.0 API (though Nick would know better than I). At any rate, just saying that platform X does it so it is okay to do it on Android as well is not enough. PalmOS lets apps patch the core OS to insert their tendrils into everything it does; should that also be allowed on Android? I wouldn't think so. That isn't to say a feature shouldn't be there, but it should be done with thought and consideration to all of the repercussions it has. On Sun, Dec 21, 2008 at 10:01 PM, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about the bluetooth
Re: Fw: [android-developers] Re: Android and bluetooth
Is there any update on this? Specifically, have decisions been made about whether to limit bluetooth comm to paired devices - as discussed below? Thanks, Tom. On Dec 22 2008, 1:01 am, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about thebluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware,Bluetoothdata connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limitsbluetoothis the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe thatbluetoothcommunication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to preventBluetoothdata connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
I think you are being overly dismissive of the security repercussions. One of our goals with Android is to create an open and thriving third party application market. Two cornerstones of doing this is that it should be dead easy for a user to find and install an application, and users should not worry about the apps they install doing unexpected harmful things. The former is a fairly clear goal, but the security side is just as critical but a lot more subtle -- each little piece you take out of the security picture is a growing, long-term detriment to the user's trust. From the very start, our approach with Android security has been as conservative as possible: if there is an application feature that seems dangerous, we'll try to either take the time needed to think about and address of its repercussions, or wait on making it available. The same approach needs to be taken here, everything thought through before making it available. This sounds like it requires enough thought that it probably doesn't make sense to have in a 1.0 API (though Nick would know better than I). At any rate, just saying that platform X does it so it is okay to do it on Android as well is not enough. PalmOS lets apps patch the core OS to insert their tendrils into everything it does; should that also be allowed on Android? I wouldn't think so. That isn't to say a feature shouldn't be there, but it should be done with thought and consideration to all of the repercussions it has. On Sun, Dec 21, 2008 at 10:01 PM, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about the bluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware, Bluetooth data connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limits bluetooth is the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe that bluetooth communication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to
Re: Fw: [android-developers] Re: Android and bluetooth
On Tue, Jan 6, 2009 at 7:10 PM, Qwavel qwa...@gmail.com wrote: Is there any update on this? Specifically, have decisions been made about whether to limit bluetooth comm to paired devices - as discussed below? We are unlikely to have this in the first Bluetooth API release. I don't think developers would be very excited about us holding up a first release while we debate and then implement this. That doesn't mean we can not add it later. Android moves pretty quick. Thanks, Tom. On Dec 22 2008, 1:01 am, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about thebluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware,Bluetoothdata connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limitsbluetoothis the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe thatbluetoothcommunication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to preventBluetoothdata connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
On Jan 6, 10:26 pm, Dianne Hackborn hack...@android.com wrote: I think you are being overly dismissive of the security repercussions. One of our goals with Android is to create an open and thriving third party application market. Two cornerstones of doing this is that it should be dead easy for a user to find and install an application, and users should not worry about the apps they install doing unexpected harmful things. The former is a fairly clear goal, but the security side is just as critical but a lot more subtle -- each little piece you take out of the security picture is a growing, long-term detriment to the user's trust. From the very start, our approach with Android security has been as conservative as possible: if there is an application feature that seems dangerous, we'll try to either take the time needed to think about and address of its repercussions, or wait on making it available. The same approach needs to be taken here, everything thought through before making it available. This sounds like it requires enough thought that it probably doesn't make sense to have in a 1.0 API (though Nick would know better than I). At any rate, just saying that platform X does it so it is okay to do it on Android as well is not enough. PalmOS lets apps patch the core OS to insert their tendrils into everything it does; should that also be allowed on Android? I wouldn't think so. That isn't to say a feature shouldn't be there, but it should be done with thought and consideration to all of the repercussions it has. On Sun, Dec 21, 2008 at 10:01 PM, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about the bluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware, Bluetooth data connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limits bluetooth is the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe that bluetooth communication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark -- Dianne Hackborn Android framework engineer hack...@android.com Note: please don't send private questions to me, as I don't have time to provide private support. All such questions should be posted on public forums, where I and others can see and answer them. --~--~-~--~~~---~--~~
Re: Fw: [android-developers] Re: Android and bluetooth
Nick, I'm sorry to hear this, but I understand the need to add some sort of bluetooth API to Android as quickly as possible. I look forward to v1.1. Thanks, Tom. On Jan 6, 11:07 pm, Nick Pelly npe...@google.com wrote: On Tue, Jan 6, 2009 at 7:10 PM, Qwavel qwa...@gmail.com wrote: Is there any update on this? Specifically, have decisions been made about whether to limit bluetooth comm to paired devices - as discussed below? We are unlikely to have this in the first Bluetooth API release. I don't think developers would be very excited about us holding up a first release while we debate and then implement this. That doesn't mean we can not add it later. Android moves pretty quick. Thanks, Tom. On Dec 22 2008, 1:01 am, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about thebluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware,Bluetoothdata connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limitsbluetoothis the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe thatbluetoothcommunication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to preventBluetoothdata connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
Hi Dianne, Thanks for your response. I'd like to address some of your points. users should not worry about the apps they install doing unexpected harmful things I believe that limiting the functionality of the phone/API enough to achieve complete safety for any application would be very difficult. If it is even possible, then I think it would result in a neutered platform. So why not require digital signatures or user approval for risky application behaviors instead of removing the functionality in question? the security side is just as critical but a lot more subtle ... just saying that platform X does it so it is okay to do it on Android as well is not enough. I don't deny the importance and subtly of the security issue. That is why I thought it was important to note what the rest of the industry has done. Companies like Nokia share the concerns of Google about developing a healthy application ecosystem but they have gone much further then I am suggesting and made this bluetooth functionality wide open - I think this observation is very relevant. There is a huge amount of empirical data for you to draw upon now: hundreds of millions of phones, from all brands except RIM and Apple, that allow applications the functionality in question. Tom. On Jan 6, 10:26 pm, Dianne Hackborn hack...@android.com wrote: I think you are being overly dismissive of the security repercussions. One of our goals with Android is to create an open and thriving third party application market. Two cornerstones of doing this is that it should be dead easy for a user to find and install an application, and users should not worry about the apps they install doing unexpected harmful things. The former is a fairly clear goal, but the security side is just as critical but a lot more subtle -- each little piece you take out of the security picture is a growing, long-term detriment to the user's trust. From the very start, our approach with Android security has been as conservative as possible: if there is an application feature that seems dangerous, we'll try to either take the time needed to think about and address of its repercussions, or wait on making it available. The same approach needs to be taken here, everything thought through before making it available. This sounds like it requires enough thought that it probably doesn't make sense to have in a 1.0 API (though Nick would know better than I). At any rate, just saying that platform X does it so it is okay to do it on Android as well is not enough. PalmOS lets apps patch the core OS to insert their tendrils into everything it does; should that also be allowed on Android? I wouldn't think so. That isn't to say a feature shouldn't be there, but it should be done with thought and consideration to all of the repercussions it has. On Sun, Dec 21, 2008 at 10:01 PM, Qwavel qwa...@gmail.com wrote: Nick, Thanks for participating in this open conversation about the bluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware, Bluetooth data connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limits bluetooth is the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe that bluetooth communication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to prevent Bluetooth data connections (RFCOMM) from apps
Re: Fw: [android-developers] Re: Android and bluetooth
Nick, Thanks for participating in this open conversation about the bluetooth API - this is the first time that I'm aware of that outside developers have had the opportunity to express themselves at this stage in the development of a phone OS/API. As I'm sure you are aware, Bluetooth data connection between apps are supported by JSR82. To the best of my knowledge, the only platform on which pairing is required for these connections is the Blackberry. As far as I can tell, this was done for the pretense of security since the platform was originally only targeted at the enterprise market. On the Blackberry dev forums I regularly see confusion and surprise about this restriction. The only other platform (beside the Blackberry) which really limits bluetooth is the iPhone, but this is expected of Apple. I am being dismissive about the security advantages of the blackberry approach for these reasons: - The majority of phones available now (in Europe but not in the US) allow full access to JSR82, without requiring pairing, and without even requiring that the midlet be signed. - More importantly, I've not encountered any regret about this, or any sense that it is a mistake. Instead, easy access to JSR82 is spreading: now, even LG and Samsung are starting to provide this. - Security concerns like this should not be addressed by limiting the functionality of the system, when they can be addressed at the application security level. I can't comment on the difficulty of implementing this, but certainly it would be better to produce an OS that is not limited in the way that the BB and iPhone are. If you really believe that bluetooth communication without pairing is a security hole - and I believe that Nokia and SE have shown that it isn't - then I think it would be better handled by the application level security mechanisms. Thanks, Tom. On Dec 3, 12:22 pm, Nick Pelly npe...@google.com wrote: We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice markbr...@zedray.co.uk wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetoothsupport. Example: Alice and Bob both have my client running on their phones, and walk withinBluetoothrange of each other in a social setting. I want the application to: (a) Be able to detect the otherBluetoothphone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers-unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
Hi Nick I can see there is a use case for this. If we were to do this, it would be through a scary sounding bluetooth permission. This application can connect to untrusted Bluetooth devics. We'll have to think about this a little. I would do it this way: (1) Application permission: This application can connect to any untrusted Bluetooth device without asking your permission. (2) To get this to work the user must manually activate Bluetooth, and then select an extra check box for Bluetooth Ad Hoc communication (seeing another scary warning) in the Bluetooth settings. The user is then shown a list of currently installed applications that make use of this feature, having to activate (or disable) this feature for each individual application. It would be the responsibility of application developer to detect when this feature is disabled, and then guide the user towards the Bluetooth settings panel. (3) Make the Android market a website, and make it searchable by permission. This would allow the community to find and strike down applications that misuse this capability. I think this would be enough hoops for the user to jump through while keeping the user in control, and making it more secure than existing Symbian Bluetooth implementations. The first step is to get any Bluetooth API out. Let me work on that first :) I’ve used enough bad Bluetooth stacks to know not to ask you to hurry ;-) …But you can put me down as a vested interest if you require some outside validation in this area. Thanks for listening Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
RE: Fw: [android-developers] Re: Android and bluetooth
Hi, Another common use for Bluetooth from applications is connecting to mobile printers through SPP, I use it very much on SFA and other applications that require printing. G1 (and forthcomings) are very likely to be used by corporate applications in this kind of automation. In other operating systems like PalmOS and Windows Mobile, pairing a printer is nothing more than adding it to the trusted devices list and entering the PIN. Of course it can be done manually of via BT API. After that, just acquire a handle to the virtual serial port and send/receive data. Marcio Alexandroni www.cialogica.com w Tel. 55 11 3717-2345 Cel. 55 11 9989-8316 [EMAIL PROTECTED] marcioalexandroni -Original Message- From: android-developers@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of whitemice Sent: Thursday, December 04, 2008 06:55 To: Android Developers Subject: Re: Fw: [android-developers] Re: Android and bluetooth Hi Nick I can see there is a use case for this. If we were to do this, it would be through a scary sounding bluetooth permission. This application can connect to untrusted Bluetooth devics. We'll have to think about this a little. I would do it this way: (1) Application permission: This application can connect to any untrusted Bluetooth device without asking your permission. (2) To get this to work the user must manually activate Bluetooth, and then select an extra check box for Bluetooth Ad Hoc communication (seeing another scary warning) in the Bluetooth settings. The user is then shown a list of currently installed applications that make use of this feature, having to activate (or disable) this feature for each individual application. It would be the responsibility of application developer to detect when this feature is disabled, and then guide the user towards the Bluetooth settings panel. (3) Make the Android market a website, and make it searchable by permission. This would allow the community to find and strike down applications that misuse this capability. I think this would be enough hoops for the user to jump through while keeping the user in control, and making it more secure than existing Symbian Bluetooth implementations. The first step is to get any Bluetooth API out. Let me work on that first :) I’ve used enough bad Bluetooth stacks to know not to ask you to hurry ;-) …But you can put me down as a vested interest if you require some outside validation in this area. Thanks for listening Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetooth support. Example: Alice and Bob both have my client running on their phones, and walk within Bluetooth range of each other in a social setting. I want the application to: (a) Be able to detect the other Bluetooth phone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user’s permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Nick Android Systems Engineer On Wed, Dec 3, 2008 at 1:37 AM, whitemice [EMAIL PROTECTED] wrote: Hi Nick While we are on the subject, I am looking for Android *Ad-hoc* Bluetooth support. Example: Alice and Bob both have my client running on their phones, and walk within Bluetooth range of each other in a social setting. I want the application to: (a) Be able to detect the other Bluetooth phone in the room (b) Detect that the same application is running on the other phone (c) Create a data connection between the two phones without asking for the user's permission (permission is granted beforehand). Is this considered a security problem, or will this kind of thing be allowed in the new API? Some more info on what I am doing…. http://blog.zedray.com/snowball/ Regards Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
Hi Nick Thanks for getting back to me. We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Right, so none of these Symbian apps are possible on Android… Nokia Sensor (http://en.wikipedia.org/wiki/Nokia_Sensor) Bedd (http://www.bedd.com) FluidNexus (http://www.inclusiva-net.es/fluidnexus/) Imity (http://imity.com/pocket-radar) etc… How about creating a separate permission for ad-hoc Bluetooth networking? …or making it user configurable? Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
I can see there is a use case for this. If we were to do this, it would be through a scary sounding bluetooth permission. This application can connect to untrusted Bluetooth devics. We'll have to think about this a little. The first step is to get any Bluetooth API out. Let me work on that first :) Nick Android Systems Engineer On Wed, Dec 3, 2008 at 2:02 PM, whitemice [EMAIL PROTECTED] wrote: Hi Nick Thanks for getting back to me. We are likely to prevent Bluetooth data connections (RFCOMM) from apps unless the two phones have been paired. It's really hard to make security work any other way. Right, so none of these Symbian apps are possible on Android… Nokia Sensor (http://en.wikipedia.org/wiki/Nokia_Sensor) Bedd (http://www.bedd.com) FluidNexus (http://www.inclusiva-net.es/fluidnexus/) Imity (http://imity.com/pocket-radar) etc… How about creating a separate permission for ad-hoc Bluetooth networking? …or making it user configurable? Mark --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
I need to use SPP (Serial Port Profile) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
Re: Fw: [android-developers] Re: Android and bluetooth
I would like to add multiplayer support to Light Racer using bluetooth so whatever allows device discovery, pairing and then streaming transfer is what I need :) On Dec 1, 7:20 am, supernova [EMAIL PROTECTED] wrote: I need to use SPP (Serial Port Profile) --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Fw: [android-developers] Re: Android and bluetooth
Any idea when a version with BT support will be released? I need to choose a mobile platform for a project and BT support is required. On 24 nov, 13:45, Mark Murphy [EMAIL PROTECTED] wrote: Android geek wrote: That means, I will have to forget BT until the next release of SDK? You have two choices: 1. Work with the core Android team, over onhttp://source.android.com, to add greater BT support. 2. Wait until that work gets done by somebody else. In either case, to use it in an SDK-level application (versus in the firmware), you will most likely need to wait until the next release of the SDK. -- Mark Murphy (a Commons Guy)http://commonsware.com _The Busy Coder's Guide to Android Development_ Version 1.4 Published! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Fw: [android-developers] Re: Android and bluetooth
Bluetooth is a big category. What feature(s) do you need? On Nov 25, 1:26 am, supernova [EMAIL PROTECTED] wrote: Any idea when a version with BT support will be released? I need to choose a mobile platform for a project and BT support is required. On 24 nov, 13:45, Mark Murphy [EMAIL PROTECTED] wrote: Android geek wrote: That means, I will have to forget BT until the next release of SDK? You have two choices: 1. Work with the core Android team, over onhttp://source.android.com, to add greater BT support. 2. Wait until that work gets done by somebody else. In either case, to use it in an SDK-level application (versus in the firmware), you will most likely need to wait until the next release of the SDK. -- Mark Murphy (a Commons Guy)http://commonsware.com _The Busy Coder's Guide to Android Development_ Version 1.4 Published! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---
[android-developers] Re: Fw: [android-developers] Re: Android and bluetooth
Android geek wrote: That means, I will have to forget BT until the next release of SDK? You have two choices: 1. Work with the core Android team, over on http://source.android.com, to add greater BT support. 2. Wait until that work gets done by somebody else. In either case, to use it in an SDK-level application (versus in the firmware), you will most likely need to wait until the next release of the SDK. -- Mark Murphy (a Commons Guy) http://commonsware.com _The Busy Coder's Guide to Android Development_ Version 1.4 Published! --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Android Developers group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en -~--~~~~--~~--~--~---