Thanks for the reply Tim. Yes I am looking at that area of the platform and am aware of, and had looked at previously, the /data/app-private folder, which I believe is specifically the location for forward locking files prior to Jelly Bean.
I think you meant "is for the assets to be read". But that's exactly where my query lies. When these files were stored under /data/app-private these files weren't so accessible, in fact neither were the ones in /data/data (without forward locking enabled). There was no world read available. Whilst I appreciate the assets need to be available, they don't need to be available to 'world', but surely only to the app itself and quite probably the system. This could be achieved using access control (group and user) without so widely available read permission. The caveat to this statement is obviously - unless there is some other complexity I'm not aware of. Hence the question, any ideas WHY its world readable rather than being more locked down? On Monday, November 5, 2012 11:31:52 PM UTC, strazzere wrote: > > (Arg, adding list to reply) > > Your looking at the Copy-Protection/DRM. > > Previously this was all located in "/data/app-private". The world > readable-ness your seeing if for the assess to be read, though the > classes.dex file is not accessable (nor is the cached odex file). > > -Tim Strazzere > > > > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/54kbRi767c4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
