On Sat, Mar 3, 2012 at 9:47 PM, Jeffrey Walton <[email protected]> wrote:
> From
> http://www.itworld.com/security/255210/google-response-flaw-lets-apps-steal-photos-ditch-insecure-apps-thats-all-them:
>
> ... all the apps on the Android Market get access permissions from
> Android's built-in security, which is so flawed it can't stop applications
> from improperly accessing data even when they don't intend to. So, if
> Google gets rid of all the apps Android would allow to access data
> improperly, it will be getting rid of all the apps.
>
> "We need a more fine grained permission system on android,"
> http://lwn.net/Articles/409230/
>
> "Dr. Android and Mr. Hide: Fine-grained security policies on unmodified
> Android," http://www.cs.umd.edu/~jfoster/papers/acplib.pdf
>
> "The Effectiveness of Application Permissions,"
> http://www.cs.berkeley.edu/~afelt/felt-permissions-webapps11.pdf
>
> And last but not least (it's alarming how permissions map to actions in
> practice):
>
> "Android Permissions Demystified,"
> http://www.cs.berkeley.edu/~afelt/android_permissions.pdf

From "About the Android Security Key app and permissions," http://www.swtor.com/community/showthread.php?t=466008. The OP does not realize this is a platform problem that Google refuses to fix.

I'm not quite sure this is the place to post this, but I'm proper curious:

I looked into installing the security key app last night as I'd like the extra layer of security. So I went to the Android store and looked it up. Pressed download. Being the paranoid person I am I looked over the permissions before installing. I'm glad I did.

Why on Earth does the app need to read my phone state? That seems really, really invasive to be frank. I'd love to install it, but no way am I giving anyone access to my phone calls or the numbers in my phone book.

Any chance of updating the permissions so it's not a Stasi app anymore?
