This came across an android dev list. I hope mozilla can avoid anything similar. I knew android permissions could be bypassed by pre-installed apps, app communication etc., but I didn't realise how bad the situation was. Your probably already aware but just in case.
"https://viaforensics.com/security/nopermission-android-app-remote-shell.html" which links to "http://www.defcon.org/images/defcon-18/dc-18-presentations/Lineberry/DEFCON-18-Lineberry-Not-The-Permissions-You-Are-Looking-For.pdf" _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security