Thanks for these precisions. I was more thinking about the security of the end-users of applications, not mine, but I understand it is difficult to apply security rules at the HTTP protocol layer. Sure the middleware would be interesting, but only if every users can use it, not only experienced ones with rooted devices. And even if it would exist it wouldn't be enough since, for instance, as an app developer I could declare, in the manifest, only accessing « google.com » domain, but still I could send user's personal data to me through google mail service for example (supposing gmail is accessible through google.com without redirections, I'm not sure). Only the whole URL pattern would be relevant.
Best regards, Mattz. On Aug 11, 6:41 pm, Kevin Chadwick <[email protected]> wrote: > On Fri, 12 Aug 2011 06:07:30 -0700 (PDT) > > Earlence <[email protected]> wrote: > > If its for a per application basis, the uid match condition is simple > > to use. > > Cool, An android api or middleman which asks the user for permission > and updates iptables on behalf of apps which of course should never have > root access would be cool. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
