I want to understand Android security better, and this is mostly a learning experience, so the App does not need to be completely full proof. What about modifying a Launcher like ADW to prompt the user for a password before you launch an App? Wouldn't this work? The one issue that I can think about is that if a user is for instance in the google maps app, and then he clicks on an email, the gmail App will be launched without asking for the users' password. And of course the Launcher App could also be uninstalled if the user restarts the phone in safe mode. Also is there a way force the user to input a password in order to uninstall an App? I might actually modify the system in order to support this kind of thing. Can you guys point me to good resources for me to learn about the Android package manager? Also are there any other major components that I would have to change to make this possible (the reference monitor maybe?)?
Also, if there are any good discussion threads about this I would really appreciate if you could send me the links to those. On Tuesday, November 27, 2012 2:29:49 PM UTC-5, Kristopher Micinski wrote: > > There was a long discussion on android-developers as to the removal of > this view logs permission, by the way, that brings up the points germane to > the consequences of this. > > kris > > > On Tue, Nov 27, 2012 at 2:28 PM, Kristopher Micinski > <krismi...@gmail.com<javascript:> > > wrote: > >> Still, you could defeat these apps by simply restarting the phone in >> "safe mode" and uninstalling the app, making this type of app essentially >> useless unless you included it in firmware. >> >> kris >> >> >> On Tue, Nov 27, 2012 at 2:15 PM, Michael <l...@fixmo.com <javascript:>>wrote: >> >>> It used to be possible if an application can view logs of the >>> ActivityManager. >>> >>> Starting from JB, viewing other app's logs is a SystemOrSignature >>> permission. Therefore unless your application gets installed on the device >>> prior to the update, the application can only view its own logs. >>> >>> On Stock device - no viewing logs. However, there are workarounds that >>> you can perform such as one that constantly checks with the Framework to >>> see which app is on top. I'm not to say whether these workaround is good >>> or not because it entirely depends on what you are trying to achieve. All >>> I can say is that these are fully documented methods - use your discretion. >>> >>> >>> >>> >>> On Tuesday, 27 November 2012 13:34:00 UTC-5, Kristopher Micinski wrote: >>> >>>> This will not be possible on stock hardware, because you basically >>>> can't "intercept" other intents with a standard app. Proxying intents is >>>> possible if you modify the system, but the ability to do this on stock >>>> firmware would be a security hole in itself. >>>> >>>> The place you would want to look --- should you want to modify the >>>> system to support this --- is the Android package manager that handles the >>>> mediation of intents through the system. >>>> >>>> Kris >>>> >>>> >>>> On Fri, Nov 23, 2012 at 12:05 AM, Igor Cavallera >>>> <joaoba...@gmail.com>wrote: >>>> >>>>> Hey guys, >>>>> >>>>> Is it possible to create an App that would monitor which Apps are >>>>> launched so that it would prompt the user for a password before launching >>>>> a >>>>> possibly sensitive App (say Gmail)? But would not ask the user for his >>>>> password for an App like the Weather App? I was thinking about >>>>> intercepting >>>>> onStart and onResume intents in order to do this, but I am not sure if >>>>> this >>>>> is possible. >>>>> By the way, I am a high student trying to learn android development >>>>> and I was thinking of developing a simple App that did this (as a >>>>> learning >>>>> experience). >>>>> >>>>> Thank You very much for the help. >>>>> >>>>> Igor >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Android Security Discussions" group. >>>>> To view this discussion on the web visit https://groups.google.com/d/* >>>>> *msg/android-security-discuss/-**/SJ1OWS-15wMJ<https://groups.google.com/d/msg/android-security-discuss/-/SJ1OWS-15wMJ> >>>>> . >>>>> To post to this group, send email to android-secu...@** >>>>> googlegroups.com. >>>>> >>>>> To unsubscribe from this group, send email to >>>>> android-security-discuss+**unsubscr...@googlegroups.com. >>>>> For more options, visit this group at http://groups.google.com/** >>>>> group/android-security-**discuss?hl=en<http://groups.google.com/group/android-security-discuss?hl=en> >>>>> . >>>>> >>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Android Security Discussions" group. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msg/android-security-discuss/-/I5l3rNF9uqUJ. >>> >>> To post to this group, send email to >>> android-secu...@googlegroups.com<javascript:> >>> . >>> To unsubscribe from this group, send email to >>> android-security-discuss+unsubscr...@googlegroups.com <javascript:>. >>> For more options, visit this group at >>> http://groups.google.com/group/android-security-discuss?hl=en. >>> >> >> > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/xXFG57oTQugJ. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
