On Thu, Dec 8, 2011 at 9:26 AM, Darren J Moffat <darren.mof...@oracle.com> wrote: > On 12/08/11 03:27, Nico Williams wrote: >> You misunderstand. The Android code signing model isn't intended to >> protect you from installing malware: it's intended to help Android a) >> provide isolation between apps from different sources, b) protect your >> apps from untrusted updates. > > Android gives you hints about what a given APK might be upto by telling you > *before* you agree to install it what permissions it wants.
Indeed, but this has nothing to do with Android's signature model. Signatures are there for continuity. > I've rejected several otherwise interesting sounding (probably legit) apps > from the Google Market because the list of permissions looked excessive to > me based on what that apps claims to do. And when every app you want [eventually] wants complete free range, what do you do? Android should at least let the user reduce the privileges of paid-for applications -- the current situation is intolerable. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography