On Sat, Mar 3, 2012 at 9:47 PM, Jeffrey Walton <[email protected]> wrote: > From > http://www.itworld.com/security/255210/google-response-flaw-lets-apps-steal-photos-ditch-insecure-apps-thats-all-them: > > ... all the apps on the Android Market get access permissions from > Android's built-in security, which is so flawed it can't stop applications > from improperly accessing data even when they don't intend to. So, if > Google gets rid of all the apps Android would allow to access data > improperly, it will be getting rid of all the apps. > > "We need a more fine grained permission system on android," > http://lwn.net/Articles/409230/ > > "Dr. Android and Mr. Hide: Fine-grained security policies on unmodified > Android," http://www.cs.umd.edu/~jfoster/papers/acplib.pdf > > "The Effectiveness of Application Permissions," > http://www.cs.berkeley.edu/~afelt/felt-permissions-webapps11.pdf > > And last but not least (its alarming how permissions map to actions in > practice): > > "Android Permissions Demystified," > http://www.cs.berkeley.edu/~afelt/android_permissions.pdf
And this one is from Barbara Dizon, a social media manager (not an engineer!). "Company at centre of Android apps scare responds," http://www.cbronline.com/blogs/cbr-rolling-blog/company-at-centre-of-android-apps-scare-responds-080312: "[Dizon] also suggested that the issue with capturing data is more to do with the way Android app permissions work, not with any functionality MobClix or Velti has added to apps. Android permissions often grant access to chunks of information rather than a single piece of data. Therefore, in some cases, apps that would like permission to access a single piece of data technically have access to other stuff because of Android's permission system," she wrote. "There is nothing we can do about that." -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
