PaulDotCom mailing list archives

Re: Android App authorizations


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 13 Apr 2011 09:08:23 -0500

David3 Gonnella <netevil () hackers it> writes:

Hi guys
I'm going to develop my first serious android app...and my mind goes to the section before installing where you have to accept authorizations for reading contacts, network access ..and so on.
The question is, can you fool or be fooled by these authorizations ..programmatically? ( or any other way is welcome either..)

I haven't gone deep in this research so I'm just asking you..maybe someone already knows something about...

Thanks in advance for helping.

I saw a talk on android security assessment at OWASP Chicago months
ago and asked a question about this.  The speaker who knew far more
about this than I led me to believe that these permissions come from
the manifest of the app I believe, and sometimes bear little or no
resemblance to what the application can/will actually do? 

I'd be interested in input from others who've developed for Android to
confirm or deny that, though.  If true, it seems to be a gaping hole
in the security model making it nearly impossible for users to make
decent decisions on apps. 


--
Todd Haverkos, LPT MsCompE
http://haverkos.com/