On Sun, Dec 2, 2012 at 3:32 AM, JonS <thejunk...@gmail.com> wrote:
>
> How much of the security model breaks if the phone is rooted? Is there an
> article on this? I am trying to write a secure app that transfers sensitive
> information between apps, but I am worried if the user roots their phone and
> spawns a malicious app as root, that the security model will break apart.

Yep. That's a problem with systems that use Discretionary Access Controls (DACs).

It is usually dealt with in a couple of ways. First, use SEAndroid which moves to policy based Mandatory Access Controls (MACs). Under SEAndroid, root is just another user who is contained.

Second is policy and procedures. You create a policy that says, "you cannot root or jail break your phone," and you place procedures to detect rooting or jailbreaks. Then you get yourself a stick - the carrot is optional.

Jeff