1a. There is no defense against a physically local attacker. 1b. That's a good thing.
2. Earlence is right: The Linux kernel is weak. We should focus our efforts on making it a smaller and harder target, not a bigger and dumber target. (All COTS kernels are weak. Non-COTS kernels usually come with dubious or even laughable claims of security.) 3. App developers, carriers, OEMs, et al. should work with users, not against them. There are many win-win-win scenarios. Example: People rooted their phones to get a tethering feature. Froyo added it as a native feature, obviating that reason to root. Some carriers/OEMs actually disable that feature of Froyo; if they were smart, they'd simply charge more for a premium data plan. As it is, people will root those phones (1a, 2) and then use data heavily (1b). Result: The carrier gets no extra revenue from self-selecting premium feature users, the user has an annoying and possibly unsafe experience, and there is a tragedy of the commons (some data hogs eat all the bandwidth, causing dumb carriers to lock down even harder on data usage...). 4. "Root" and "su" are not acronyms or capitalized for any other reason. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
