I think you are thinking about this wrong, what this I believe is directed to is that you have no permissions on necessarily on files on an sdcard. So If I hook the phone up to the computer and I mount the sdcard you no longer have access to the files because its mounted to the computer. More so the security of the phone is not enforced upon the files so you may not have permissions assigned to say a document on an sdcard such that it is read only. When you mount a filesystem on say an sdcard you end up with the permissions of the user that mounted the files, thusly yourself. This is normal behavior unless there is something I'm not picking up here from the wording.
On Aug 27, 10:25 am, Eric Dorman <[email protected]> wrote: > Ok, um I'll try to cite it. > > Maybe I have this completely wrong. > > "External files can disappear if the user mounts the external storage > on a computer or removes the media, and there's no security enforced > upon files you save to the external storage. All applications can read > and write files placed on the external storage and the user can remove > them." > > -Android Dev Docs > > Say I hooked up my phone to the computer and I wanted to transfer some > files like maybe a media file or something like that. > > Not the best example I know,but I hope it gives you an idea of what I > am thinking. > > On Aug 27, 10:13 am, Tauren <[email protected]> wrote: > > > I'm still a little confused by your wording. What do you define > > external storage as? Can you cite this area of the dev docs? More > > could you give a better example? > > > On Aug 27, 10:03 am, Eric Dorman <[email protected]> wrote: > > > > Hey Tauren, > > > > It would be a attack from the computer to the phone in some sort of > > > file transfer. > > > > I guess what I am trying to say is what if a user connects the device > > > into the computer and has files on the computer that he wants to > > > transfer to the device via a USB Mass Storage? > > > > I believe from the dev docs that it said external files can disappear > > > if the user puts the external storage on the computer. > > > > I hope I am not confusing anyone or asking a dumb question. > > > > I am just curious. :D > > > > On Aug 27, 9:40 am, Tauren <[email protected]> wrote: > > > > > Is this an attach on the phone itself via the sdcard? or an attack on > > > > the computer? For an attack on the computer to occur the software > > > > often needs to be run, which from the sdcard shouldn't happen. As > > > > for attacking the phone I'll leave that up to the experts but I > > > > suspect that the phone won't just run stuff. If its a vulnerable > > > > document of some sort like say a PDF then it comes down to the user > > > > and knowing not to open things he shouldn't. > > > > > On Aug 27, 9:21 am, Eric Dorman <[email protected]> wrote: > > > > > > Hey guys, > > > > > > I have recently been reading up on the External Storage Documentation > > > > > and I have a question that I wanted to address before I made any > > > > > assumptions. :D > > > > > > If you can write files to lets say the SD Card then if the user > > > > > connects his/her device into a computer then couldn't the External > > > > > Storage be vulnerable to some kind of security attack on the files in > > > > > the External Storage System that have been saved? > > > > > > I am not sure if this would count as a vulnerability,but I thought I'd > > > > > ask before I go and report it. :( -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
