On Thursday, February 23, 2012 8:23:38 AM UTC-5, Mark Murphy (a Commons
Guy) wrote:
Basically looking for why android is designed for explicit permissions
declaration.. when it can be automatically discovered at compiler time
or at run time..
While the need for permissions could be
On Wed, Feb 29, 2012 at 7:06 PM, Chris Stratton cs07...@gmail.com wrote:
Yes, but the downside is that a fixed, install-time request requires that
all users of the app grant blanket permission for something which the app
may want to do rarely, only if optional feature are enabled, etc.
As for the various static analysis comments in the thread, in the denial
role its quite weak as self-modifying code will hide possibilities from it.
As a granting mechanism in the context of the present everything not
explicitly granted is denied model, it could work in the sense of being
That's not entirely true.
The team who did this paper did a fairly simple static analysis for
determining permissions use, and they didn't really comment on how
much reflection they handled. But in general I don't think it's an
inherent shortcoming of static analysis to determine reflective
On Thu, Feb 23, 2012 at 6:57 AM, Raja Nagendra Kumar
nagendra.r...@tejasoft.com wrote:
Hi,
Looking for some inputs why Android explicitly expects all the
permissions need to be declared in Android Manifest file..
Can Android Run time introspect at run time or during compile time and
prepare
Notice that I seemingly contradicted myself in my response to the
question and to Mark. I should point out that Mark's answer is
completely correct: people have a hard time with it, but I don't think
it's impossible (and a number of people have done such things for
similar uses of reflection, not
Hi,
Looking for some inputs why Android explicitly expects all the
permissions need to be declared in Android Manifest file..
Can Android Run time introspect at run time or during compile time and
prepare such info based on the API used by the application...
Can it made redundant..through
AFAIK, it was meant for security for the users who install the application.
When a user try to install your application, It will show up all the
permissions that you have requested in manifest file with a proper message
corresponding to that permission. Now, User can decide based on the phone
On Thu, Feb 23, 2012 at 6:57 AM, Raja Nagendra Kumar
nagendra.r...@tejasoft.com wrote:
Can Android Run time introspect at run time or during compile time and
prepare such info based on the API used by the application...
No.
Can it made redundant..through automatic application introspection..
Hi,
Regarding Can it made redundant..through automatic application
introspection..
It can be done, check out http://android-permissions.org/
A static analysis tool and permission map for identifying permission
use in Android applications
By the way, by saying that it can be done I'm not
Static analysis like this usually fails for things like reflection.
IOW, it will fail the same places that, say, ProGuard will fail.
On Thu, Feb 23, 2012 at 9:17 AM, Yaron Reinharts
yaron.reinha...@gmail.com wrote:
Hi,
Regarding Can it made redundant..through automatic application
11 matches
Mail list logo