OK. So, a Binder IPC can be setup where an App can publish a service and the other App can bind to it. Thanks everyone for your valuable inputs.
On Apr 13, 2:20 am, surya tej <[email protected]> wrote: > Hi All, > > I want to limit android internet connectivity to only few websites(say 10 > websites)..how can I do it ?.kindly help me > > > > > > > > > > On Wed, Apr 13, 2011 at 11:47 AM, Earlence <[email protected]> wrote: > > Thats the point, the 2 apps need to know about each other. > > If they were not designed in the first place to communicate or its > > interfaces were protected (which is how it should be done), then there > > is no possibility of a covert channel. > > > But this opens an interesting scenario. I have 2 apps, one of which > > legitimately needs an internet connection, for example, a chat client. > > It publishes an unprotected interface over which other apps can make > > network requests. Then other trojans can be installed that wouldn't > > require network permissions since the first one provides the service. > > Maybe this is the form of collusion that the OP was talking about. > > > David, > > Interesting paper. > > > -Earlence > > > On Apr 13, 1:03 am, Chris Palmer <[email protected]> wrote: > > > > I think they were trying to constraint it that that the apps don't > > > > have android.permission.WRITE_EXTERNAL_STORAGE and only one had > > internet > > > > permission and presumably want to know if its possible to use Binder > > based > > > > RPC. but yes, I assume one app can publish as a service and the other > > could > > > > bind to it. not sure if any permissions are needed for that. > > > > Right, you can set up a no-Permission-required Service or other > > > Binder-based IPC. > > > > Note that even if an app doesn't have INTERNET, it can still talk to > > > the internet. My Lookout published some mechanisms for doing this at > > > Black Hat last year. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Android Security Discussions" group. > > To post to this group, send email to > > [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > >http://groups.google.com/group/android-security-discuss?hl=en. > > -- > Thanks & Regards, > > Suryatej, > 9247714040. > > Please Save paper, Save trees. > Please don't print this email and documents unless it is really necessary. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
