On Sat, Mar 3, 2012 at 9:47 PM, Jeffrey Walton <[email protected]> wrote: > From > http://www.itworld.com/security/255210/google-response-flaw-lets-apps-steal-photos-ditch-insecure-apps-thats-all-them: > > ... all the apps on the Android Market get access permissions from > Android's built-in security, which is so flawed it can't stop applications > from improperly accessing data even when they don't intend to. So, if > Google gets rid of all the apps Android would allow to access data > improperly, it will be getting rid of all the apps. > > "We need a more fine grained permission system on android," > http://lwn.net/Articles/409230/ > > "Dr. Android and Mr. Hide: Fine-grained security policies on unmodified > Android," http://www.cs.umd.edu/~jfoster/papers/acplib.pdf > > "The Effectiveness of Application Permissions," > http://www.cs.berkeley.edu/~afelt/felt-permissions-webapps11.pdf > > And last but not least (its alarming how permissions map to actions in > practice): > > "Android Permissions Demystified," > http://www.cs.berkeley.edu/~afelt/android_permissions.pdf
http://techie-buzz.com/online-security/addressing-android-security.html Some people want to cut Google some slack, since the Android platform is relatively new. The security issues can be worked on and rectified. However, Android isn’t just failing at keeping developers from creating harmful apps, it’s also failing at controlling what permissions normal apps are acquiring. “No permission” apps have the ability to get access to things that have nothing to do with them. For example, the Facebook app has access to your text messages, even though it has nothing to do with them. An app may ask for ‘obvious’ permission which it requires to work, but can secretly gain access to, something as off limits as your SD card. A user’s sensitive data can very easily make its way into someone else’s hands.... -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
