On Sun, Dec 23, 2012 at 7:10 PM, Jeffrey Walton <[email protected]> wrote: > On Sat, Dec 15, 2012 at 5:26 PM, Jeffrey Walton <[email protected]> wrote: >> >> ... "An Evaluation >> of the Application ("App") Verification Service in Android 4.2," >> http://www.cs.ncsu.edu/faculty/jiang/appverify/. >> >> Would it be possible for Google to supply an application that turns to >> the crowd for answers? Here, the crowd refers to users' aggregated >> results from the AV solutions they use. Its similar to the model used >> by Immunet (http://www.immunet.com/main/index.html). >> >> This way, app users would get the benefit of the AV industry (and not >> one provider), and Google can focus on its core activities (and get >> out of the antivirus business). > Someone else (Jim Huang) just made a similar observation: "Extend the > web security model to the OS", > http://www.slideshare.net/jserv/brief-tour-about-android-security. I think he got this wrong, though: "Developer education." I believe spending time and resources on 1,000,000 developers is a waste of time, money, and effort. It is a lost cause, and will likely be no better than educating most users. Confer: what's the worst security you have seen? For me, is developer driven security.
I believe its better to focus where the best ROI occurs. For example, development tools - make it hard or impossible to do things incorrectly in the first place. As another example, App Stores - concentrate the fire power there. Yet another example is the OS - concentrate limited resources where they become most effective. Microsoft realized the same some time ago. Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
