Hello all,
I've a question. I'm currently looking at opimd code with a view to
perhaps rewriting it in vala. That, as far as I know, was always on the list
of things to do and as an education to myself I thought it might be a usefull
exercise. I mean it's not critical as opimd is there and works well so it's a
handy starter exercise.
Anyhow whilst mulling over things in my head I remebered that in recent weeks
Android was hit by the shocking revelation that some installed apps were
transmitting Personal Data to remote parties. Then there was the further
shocking info that the iPhone suffers from the same problem.
I'm thinking that there ain't a whole pile you can do to secure PIM data,
especially in an Open Source, implementation. That's what I'm thinking and
I'll readily admit that I don't know squat about securing data. It seems to me
that the first step to securing the data is saying that only the SHR supplied
apps can access this data. That's not really good for choice which is one of
the mail advantages of Open Systems. Even if you said that only SHR supplied
apps could access this info if the apps source is readily available then
you've achieved nothing.
I've admitted that I know squat but is there anybody who can offer a clever
idea which might be used to secure PIM data. I'm just curious.
And don't mention that the phone runs as root at present so it ain't the most
secure. That's another discussion that I know squat about. In the ideal world
where the phone did not run as root how would you secure PIM. I suppose that
might well be the answer different user id's. Hmm only user "pim" or group
"pim" can read pim data. Still that probably curtails third party developers
writing a really cool app. They'll have to be able to access PIM.
Catch 22 you either have an open system that allows third party apps or you
have secure data.
_______________________________________________
Shr-devel mailing list
[email protected]
http://lists.shr-project.org/mailman/listinfo/shr-devel
