Comments on: No Permissions Android app shows three giant security loopholes

By: reverend_house

reverend_house — Fri, 13 Apr 2012 12:46:00 +0000

Nonsense. It’s not new that the contents of the SD card are visible to all apps; that’s the whole point.

By: cynyr

cynyr — Fri, 13 Apr 2012 02:17:00 +0000

Step 1: start amature porn site in country with few regulations
Step 2: write evil app
Step 2.1: load all pictures you can find.
Step 2.2: upload all of them to your server
Step 3: sell access to all the nude photos you find.

Thats how. Apps shpuld not be allowed out of the sandbox unless I let them, and then only as far as I let them.

By: tastygroove

tastygroove — Fri, 13 Apr 2012 00:10:00 +0000

Ios apps are sandboxed. One app can’t read the save files of another without using explicit apis. (Open in, audio copy, MIDI sync, print with, etc..)

By: Milind

Milind — Thu, 12 Apr 2012 21:12:00 +0000

How is reading files a security issue? Which OS does not allow that?

By: Milind

Milind — Thu, 12 Apr 2012 21:12:00 +0000

How is reading files a security issue? Which OS does not allow that?

By: Johan Appelgren

Johan Appelgren — Thu, 12 Apr 2012 21:04:00 +0000

Why not use PackageManager instead to retrieve the list of installed apps and more? A lot easier to use and part of the Android SDK, no permissions required.

By: Johan Appelgren

Johan Appelgren — Thu, 12 Apr 2012 21:04:00 +0000

Why not use PackageManager instead to retrieve the list of installed apps and more? A lot easier to use and part of the Android SDK, no permissions required.

By: JustaTester

JustaTester — Thu, 12 Apr 2012 19:57:00 +0000

Even if Google addresses the underlying issues, there’s still the persistent issue of OEM’s and carriers not pushing or allowing updates to roll out to affected devices. And that’s not even considering that OEM’s are still releasing devices with Gingerbread.