PaulDotCom mailing list archives
Re: Android App authorizations
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 13 Apr 2011 09:08:23 -0500
David3 Gonnella <netevil () hackers it> writes:
Hi guys I'm going to develop my first serious android app...and my mind goes to the section before installing where you have to accept authorizations for reading contacts, network access ..and so on. The question is, can you fool or be fooled by these authorizations ..programmaticaly? ( or any other way is welcome either..) I haven't go deep in this research so i'm just asking you..maybe someone already knows something about... Thanks in advance for helping.
I saw a talk on android security assessment at OWASP Chicago months ago and asked a question about this. The speaker who knew far mor about this than I led me to believe that these permissions come from the manifest of the app I believe, and sometimes bear little or resemblance to what the application can/will actually do? I'd be interested in input from others who've developed for Android to confirm or deny that, though. If true, it seems to be a gaping hole in the secvurity model making it nearly impossible for users to make decent decisions on apps. -- Todd Haverkos, LPT MsCompE http://haverkos.com/ _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Android App authorizations David3 Gonnella (Apr 12)
- Re: Android App authorizations Todd Haverkos (Apr 13)