I think one of the biggest issues is where the data is being stored and how they control it. Part of the program, as viewed by a survey of all available apps, is data leakage from the app that sticks around in the system and can be picked at by other applications with access or through a vulnerability. This again comes down to the app level being the weakest link for the most part. We can only trust the app markets ability to analyze an app, but generally common sense should tell you that outside of there being a direct vulnerability in the phone apps should request minimum required permissions for what they do to be secure.
On Fri, Sep 3, 2010 at 4:44 AM, Chris Stratton <[email protected]> wrote: > On Sep 3, 3:36 am, JWJu <[email protected]> wrote: > > > To root the > > device the attacker would need to reboot the device and then the > > passphrase would be cleared. > > Untrue - or true only for certain designed in firmware methods of > rooting, but not for the volnerabilities in the running kernel that > are discovered a few times a year. > > Requiring password entry on application installation could be a start, > but won't protect against quiet or rarely triggered exploits buried in > otherwise legitimate and useful apps. > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]<android-security-discuss%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
