Dailydave mailing list archives
Re: Android Attacks Slides
From: Moxie Marlinspike <moxie () thoughtcrime org>
Date: Thu, 05 Apr 2012 19:56:08 -0700
On 04/05/2012 03:06 PM, r3dRAND wrote:
Does that imply that if an app requests a non-existent permission, say, "TELEPATHY_SEND_RCV", then it will be silently accepted. Then, if Android 6 supports that permission and the user upgrades the OS, the app would execute with that permission w/o any confirmation?
Yes, there's even a comment in the PackageManagerService class source where the author muses that this is possible, and notes that they should potentially do something about that at some point. I'm not sure whether that's better or worse than simply overlooking it completely. =) Of course, this is the same security-critical class that has a 400 line constructor, which alone contains the word "hack" three times. - moxie -- http://www.thoughtcrime.org _______________________________________________ Dailydave mailing list Dailydave () lists immunityinc com https://lists.immunityinc.com/mailman/listinfo/dailydave
Current thread:
- Android Attacks Slides Jeffrey Walton (Apr 02)
- Re: Android Attacks Slides Bas Alberts (Apr 03)
- Re: Android Attacks Slides Tim (Apr 03)
- Re: Android Attacks Slides James Manico (Apr 03)
- Re: Android Attacks Slides Jeffrey Walton (Apr 05)
- Re: Android Attacks Slides Dean Pierce (Apr 05)
- Re: Android Attacks Slides James Manico (Apr 03)
- Re: Android Attacks Slides r3dRAND (Apr 05)
- Re: Android Attacks Slides Moxie Marlinspike (Apr 05)