>From
>http://www.itworld.com/security/255210/google-response-flaw-lets-apps-steal-photos-ditch-insecure-apps-thats-all-them:
... all the apps on the Android Market get access permissions from
Android's built-in security, which is so flawed it can't stop applications
from improperly accessing data even when they don't intend to. So, if
Google gets rid of all the apps Android would allow to access data
improperly, it will be getting rid of all the apps.
"We need a more fine grained permission system on android,"
http://lwn.net/Articles/409230/
"Dr. Android and Mr. Hide: Fine-grained security policies on unmodified
Android," http://www.cs.umd.edu/~jfoster/papers/acplib.pdf
"The Effectiveness of Application Permissions,"
http://www.cs.berkeley.edu/~afelt/felt-permissions-webapps11.pdf
And last but not least (its alarming how permissions map to actions in
practice):
"Android Permissions Demystified,"
http://www.cs.berkeley.edu/~afelt/android_permissions.pdf
--
You received this message because you are subscribed to the Google Groups
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/android-security-discuss?hl=en.
