Re: WebAPI Security Discussion: Open Web App API

2012-04-18 Thread Fabrice Desré
s that you installed from (using getInstalled()) or yourself (using getSelf()) this mitigates the risks. Only apps having high privileges can use mgmt.getAll() to see cross-store installs. Fabrice -- Fabrice Desré b2g Team Mozilla Corporation
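The visibility rule in the message above (an app can enumerate only what its own store installed, or itself, while cross-store enumeration is reserved to a privileged management API), written out as an added example. This is illustrative code, not Mozilla's B2G implementation: the app records, the `installOrigin` field, the `webapps-manage` permission name and the caller object are all assumptions made for the example.

```javascript
// Added example, not code from the B2G/Open Web Apps project.
// Constructed sample registry: `origin` is the app's own origin,
// `installOrigin` is the store the user installed it from (assumed field).
const registry = [
  { name: "Mail", origin: "https://mail.example", installOrigin: "https://store-a.example" },
  { name: "Chat", origin: "https://chat.example", installOrigin: "https://store-a.example" },
  { name: "Bank", origin: "https://bank.example", installOrigin: "https://store-b.example" },
];

// getInstalled(): the caller sees only apps installed from its own origin.
// A page on store-a therefore cannot learn that the user has the Bank app.
function getInstalled(callerOrigin, apps = registry) {
  return apps.filter(a => a.installOrigin === callerOrigin).map(a => a.name);
}

// getSelf(): the caller sees its own record, or nothing if it is not an app.
function getSelf(callerOrigin, apps = registry) {
  const self = apps.find(a => a.origin === callerOrigin);
  return self ? self.name : null;
}

// mgmt.getAll(): cross-store enumeration, gated on a management
// permission (the "webapps-manage" name is an assumption of this example).
function mgmtGetAll(caller, apps = registry) {
  if (!caller.permissions.has("webapps-manage")) {
    throw new Error("mgmt.getAll() denied for " + caller.origin);
  }
  return apps.map(a => a.name);
}

// What a given caller can learn about the device, all three ways at once.
// `all` is null when the management call is refused.
function visibilityReport(caller, apps = registry) {
  let all = null;
  try {
    all = mgmtGetAll(caller, apps);
  } catch (e) {
    all = null;
  }
  return {
    installed: getInstalled(caller.origin, apps),
    self: getSelf(caller.origin, apps),
    all,
  };
}

// Usage: a store page without privileges versus a privileged system app.
const storePage = { origin: "https://store-a.example", permissions: new Set() };
const systemApp = { origin: "app://system.example", permissions: new Set(["webapps-manage"]) };
console.log(visibilityReport(storePage)); // installed: Mail, Chat; self: null; all: null
console.log(visibilityReport(systemApp)); // all: Mail, Chat, Bank
```

The point of the split is that the fingerprinting risk (learning which apps a user has from other stores) only exists for callers that hold the management permission; an ordinary store or app page gets its own slice and nothing else.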

Re: [b2g] OpenWebApps/B2G Security model

2012-03-14 Thread Fabrice Desré
This is a tedious process that slows down exploitation, and that's no fun. If app authentication relies only on SSL, then you just need to pop a web server (which isn't hard, really). Everyone using the app gets owned simultaneously. Lucas. -- Fabrice Desré b2g Team

Re: [b2g] Permissions model thoughts

2012-03-06 Thread Fabrice Desré
he folks who've studied this topic (off-list). I'd be interested to hear about these studies, are there any papers available freely on the Internet? Look for instance at work from Adrienne Porter Felt: http://www.cs.berkeley.edu/~afelt/ Fabrice -- Fabrice Desré b2g