On Mon, May 7, 2012 at 9:56 PM, Nikolay Elenkov <[email protected]> wrote: > Re-posting to group. > > > ---------- Forwarded message ---------- > From: Nikolay Elenkov <[email protected]> > Date: Tue, May 8, 2012 at 10:55 AM > Subject: Re: [android-security-discuss] Re: Call for Action: Android > Permissions > To: [email protected] > > > On Tue, May 8, 2012 at 4:58 AM, Jeffrey Walton <[email protected]> wrote: > >> >> http://techie-buzz.com/online-security/addressing-android-security.html >> > > No offence, but this article is complete BS. The author is not only clueless, > but his 'writing' is severely lacking: how does listing a bunch of completely > unrelated 'things' under nonsensical headings make an article? > > Facebook a 'no-permission' app? 'The system files of an Android'? Really? > > If you want to spread FUD, at least make sure it half-coherent before > posting. > Android has a serious problem with their capabilities permissions (or lack thereof), not the UriPermissions. The problem is clearly chronic for consumers since Google is not evolving the platform for the security needs of the users. Perhaps Google's strategy is apply the Ostrich Algorithm - in which case Its not going to get better on its own.
That the "author is clueless [sic]" speaks volumes to the breadth of the problem. Its sad when media managers and clueless tech reporters even realize there are issues, yet the security and architecture folks who are responsible for platform security allow the problem to fester. Its very unfortunate current users are asked to live with a model/granularity that is years old just so Google can provide backwards compatibility for dated APIs and applications. I personally don't like being sacrificed and store no personal information on the device. Business material is clearly out of the question. Its is also causing problems for many folks in the Enterprise, including the folks who have to try to secure the devices (speaking from experience). In fairness to Google, the company may want to be a "consumer electronics company" so that the Enterprise does not matter. This position is not new and has been used successfully by another popular player. Google's lack of an Enterprise management tool for centralized administration seems to point in this direction. Google's Market is quickly becoming like a Linux repository - hundreds/thousands of useless, broken, or insecure applications. And many of the apps are not to blame since Google controls the platform. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
