David3 Gonnella <[email protected]> writes: > Hi guys > I'm going to develop my first serious android app...and my mind goes to the > section before installing where you have to accept authorizations for reading > contacts, network access ..and so on. > The question is, can you fool or be fooled by these authorizations > ..programmaticaly? ( or any other way is welcome either..) > > I haven't go deep in this research so i'm just asking you..maybe someone > already knows something about... > > Thanks in advance for helping.
I saw a talk on android security assessment at OWASP Chicago months ago and asked a question about this. The speaker who knew far mor about this than I led me to believe that these permissions come from the manifest of the app I believe, and sometimes bear little or resemblance to what the application can/will actually do? I'd be interested in input from others who've developed for Android to confirm or deny that, though. If true, it seems to be a gaping hole in the secvurity model making it nearly impossible for users to make decent decisions on apps. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
