On Feb 1, 2012, at 21:20 , Paul Libbrecht wrote:
Le 1 févr. 2012 à 21:03, Boris Zbarsky a écrit :
Android goes somewhat in this direction with its app-security model...
With all due respect, the app-security model on Android is a joke.
Everyone just clicks through the permissions grant
I agree that the current UI is not great. However, I disagree about
everyone clicking through permission grants. I've done two user studies
and found that about ~18% of people look at permissions for a given
installation, and about ~60% look occasionally. We found that most have no
idea
Android developers chronically misunderstand and misuse Android Intents, and
these mistakes lead to security bugs. To illustrate how prevalent the
confusion is, Erika Chin and I found that 9 of 20 popular Android
apps (45%!) contain security vulnerabilities due to misusing Intents. I've
also