Nico Williams <n...@cryptonector.com> writes: >On Fri, Dec 9, 2011 at 4:41 PM, Jeffrey Walton <noloa...@gmail.com> wrote: > >> Android also make the application a security principal for resource >> sharing (its a smarter walled garden approach). Its an awesome >> approach, especially when compared to Windows and *nix where sharing >> is generally based upon a login context and enforced through DACLs. > >That's what I meant by "isolation" :)
... dancing bunnies ... confused deputy ... (This is a serious problem on Android phones. The permissions systems is much nicer than NT/Unix - mostly because it'd be hard to come up with something that's worse - but it's fatally vulnerable to the dancing bunnies and confused deputy problems. For example one recent analysis of Android phones from a range of vendors found that, out-of-the-box, before any user apps were even installed, all of them leaked critical capabilities, all the way up to MASTER_CLEAR for the phone). Peter. _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography