funsec mailing list archives
Re: NSA Creates Android based Super Secure Smartphone
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 4 Mar 2012 20:52:12 -0500
On Sat, Mar 3, 2012 at 10:22 PM, <Valdis.Kletnieks () vt edu> wrote:
On Sat, 03 Mar 2012 22:04:07 EST, Jeffrey Walton said:Will there be an NSA sponsored Market so folks can get hardened apps? Anything that adds finer grain permissions for applications is aNSA already gave us SELinux.
Yes, and a port of android to SE Android ,too. It appears the coarse grained permissions still plague SE Android (from reading the slides at http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf). I see the slides point out "[Current Android suffers] limited granularity, coarse-grained privilege." But I don't see where SE Android corrected it. For example, it appears PHONE_READ_STATE still encompasses reading a username, device serial number, IMEI, SIM ID, call state, incoming calling number, etc. It would have been nice if permissions were fixed (ie, finer granularity), and see a Market which used the improved permissions. Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- NSA Creates Android based Super Secure Smartphone Jeffrey Walton (Mar 03)
- Re: NSA Creates Android based Super Secure Smartphone Valdis . Kletnieks (Mar 03)
- Re: NSA Creates Android based Super Secure Smartphone Jeffrey Walton (Mar 04)
- <Possible follow-ups>
- Re: NSA Creates Android based Super Secure Smartphone Les Bell (Mar 03)
- Re: NSA Creates Android based Super Secure Smartphone Valdis . Kletnieks (Mar 03)