if you want to compete with Apple the apps must be better and the
market must first be checked for malware before the app will be
released.
Now there is many Malware in the market. Example: an app named Spyeye.

You must be prepared for apps that doing it's job Automatically after
installing. Now there is malware that works when you open the app but
in the future it goes Automatically.

--
You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
To post to this group, send email to android-security-discuss@googlegroups.com.
To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

Search Discussions

  • Kevin Chadwick at Sep 17, 2011 at 2:55 pm

    On Fri, 16 Sep 2011 15:13:23 -0700 (PDT) Androiddevil wrote:

    if you want to compete with Apple the apps must be better and the
    market must first be checked for malware before the app will be
    released.
    Now there is many Malware in the market. Example: an app named Spyeye.

    You must be prepared for apps that doing it's job Automatically after
    installing. Now there is malware that works when you open the app but
    in the future it goes Automatically.
    No, the architecture which is more secure than apples needs improving
    and the never ending search for bugs continues. It is a big ask though
    to prevent local attacks from a purposefully installed app, more so
    apps. Personally I'd like to see Google do something with maemo as a
    more traditionally linux as a seperate venture without java by default
    alongside Android and with daily updates. If you add something from a
    non open source repository, it's your fault. I think it may get more
    backing from the Linux community, especially security wise.

    Unfortunately success needs commercial closed apps, even if most do the
    same job as a website.

    The difficult part is pleasing the customer with lots of easy to make
    apps. Java is not good for security but it helps prevent buffer
    overflows etc..

    Only if all apps are open source can you possibly have a good idea of
    what an app is doing. The only real difference with Apple checking these
    apps is likely to make is for the apps to be more devious about hiding
    their true functionality.

    Proactive is better than reactive.

    I certainly prefer Googles proactiveness to Apples even if it needs to
    mature.

    --
    You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
    To post to this group, send email to android-security-discuss@googlegroups.com.
    To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
  • David Herges at Sep 17, 2011 at 6:52 pm

    The difficult part is pleasing the customer with lots of easy to make
    apps. Java is not good for security but it helps prevent buffer
    overflows etc..

    Android's "Java" is not a security measure by any means. Ok, it is a
    well-defined type-safe language; no pointers, nu buffer overflows, no memory
    leaks, etc. However, "Java apps" are handled the exact same way as native
    apps (those developed with the NDK and written in C). Android's security
    boils down to the system-level isolation (sandboxing) and the permission
    scheme; nothing to do with "Java security" at all.

    Only if all apps are open source can you possibly have a good idea of
    what an app is doing. The only real difference with Apple checking these
    apps is likely to make is for the apps to be more devious about hiding
    their true functionality.

    Proactive is better than reactive.
    I think that there exit some interesting approaches to those problems. I
    mean, just look at the research propers from Enck et al (TaintDroid, Kirin
    tool, ...), Shabtai et al (hardening Android by Linux measures), Davi (the
    transitive permission thing), etc.

    However, it's not up to me nor up to you to get that going. It's in the
    hands of the platform engineers.


    Cheers, David

    --
    You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/android-security-discuss/-/RmsO_l2HIJEJ.
    To post to this group, send email to android-security-discuss@googlegroups.com.
    To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
  • Kevin Chadwick at Sep 18, 2011 at 12:30 am

    On Sat, 17 Sep 2011 11:52:24 -0700 (PDT) David Herges wrote:

    The difficult part is pleasing the customer with lots of easy to make
    apps. Java is not good for security but it helps prevent buffer
    overflows etc..

    Android's "Java" is not a security measure by any means. Ok, it is a
    well-defined type-safe language; no pointers, nu buffer overflows, no memory
    leaks, etc. However, "Java apps" are handled the exact same way as native
    apps (those developed with the NDK and written in C). Android's security
    boils down to the system-level isolation (sandboxing) and the permission
    scheme; nothing to do with "Java security" at all.
    I thought that was what I said, but I guess I skimped over a fair
    amount. It does make it a little more difficult to attack an amateurish
    apps permissions.

    Personally the OS is pretty much what I care about. I don't want no
    apps just email, sftp and a browser with security being paramount oh
    and a multi touch screen which limits your os options, currently.

    --
    You received this message because you are subscribed to the Google Groups "Android Security Discussions" group.
    To post to this group, send email to android-security-discuss@googlegroups.com.
    To unsubscribe from this group, send email to android-security-discuss+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupandroid-security-discuss @
categoriesandroid
postedSep 16, '11 at 10:14p
activeSep 18, '11 at 12:30a
posts4
users3
websiteandroid.com

People

Translate

site design / logo © 2019 Grokbase