On Mon, Mar 21, 2011 at 2:06 AM, Doug <beafd...@gmail.com> wrote: > Just for the sake of argument, what do you think is the worst thing that a > malicious app can do if one of its classes is loaded into another app that > is using this technique? I understand there could be problems if you call > methods on a loaded class and happen to pass it a reference to something > sensitive. But just loading a class?
First, "just loading a class" would invoke all static initializers; otherwise, it would be loaded. Second, nobody would be "just loading a class" in all likelihood. For example, the OP wants to load in a custom View from another app, and that will involve a wee bit more than "just loading a class", such as invoking constructors and methods. In either case, the third-party code can get control and do whatever it wants within that process (read a database, delete files, perform actions using permissions, etc.). -- Mark Murphy (a Commons Guy) http://commonsware.com | http://github.com/commonsguy http://commonsware.com/blog | http://twitter.com/commonsguy _The Busy Coder's Guide to Android Development_ Version 3.5 Available! -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to android-developers@googlegroups.com To unsubscribe from this group, send email to android-developers+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
