Hi All, I've been reading Nikolay Elenkov's blog on Android Code Signing (http://nelenkov.blogspot.com/2013/05/code-signing-in-androids-security-model.html).
The blog talks about developer permissions that are revocable at runtime, such as READ_LOGS and WRITE_SECURE_SETTINGS. The permissions are listed at http://developer.android.com/reference/android/Manifest.permission.htm. A few questions: (1) How do we determine development permissions? The Manifest does not denote them. (2) Should these permissions show up in production apps? (3) For the permissions to be in effect (i.e., the capability is granted), does the phone have to be in development mode? (4) How do we revoke them? Is there an alternative to `adb pm revoke`? Is there a GUI component? Some of these have been around for quite some time (API 1), but the blog appears to indicate they are new. For example, Manifest.permission.html states READ_LOGS has been available since API 1. Is there any more reading on the subject? Google and Bing are returning a lot of irrelevant fodder. (BTW, great article Nikolay). Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
