Thank guys, Adrian answered my question. I agree that even if an app can simulate user action, it can't do everything the user can do. Well it is just an app, and the user is a biological living thing, so no doubt about that.
But coming back to the example Adrian gave, if the photo app allows saving the photo to an online location, then the IME can give attacker access that data by saving it to a location accessible to the attacker. For my purpose, I was trying to find out if a compromised "system" app can install new apps without the user notice. And it seems that the answer is yet. -Anh On Nov 16, 10:18 am, Kevin Chadwick <[email protected]> wrote: > On Thu, 17 Nov 2011 06:04:19 -0800 (PST) > > Craig Heath wrote: > > I haven't been able to find that document, can anyone provide a > > pointer? > > I haven't seen that one. > > If your interested in the type of attacks against the sandboxes (aside > from kernel) then you may be interested in this. > > "http://www.ei.rub.de/media/trust/veroeffentlichungen/2010/11/13/DDSW2..."; -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
