Task #3608: incorporate Mark Murphy's research - Trusted Intents - Guardian Project Dev (ARCHIVED SITE)

Copy

Task #3608

« Previous | 14 of 14 | Next »

incorporate Mark Murphy's research

Added by hans over 3 years ago. Updated about 2 years ago.

Status:

New

Start date:

07/28/2014

Priority:

Normal

Due date:

Assignee:

% Done:

Category:

Target version:

Component:

Description

https://lists.mayfirst.org/pipermail/guardian-dev/2014-February/003201.html

History

#1 Updated by hans about 2 years ago

The always clear spoken Mark Murphy wrote an interesting blog
post¹ & analysis² of custom permissions in Android. Specifically how
the interaction between apps defining custom/signature permissions can
be subverted in subtle ways based on the order of application install.

Might be worth adding as a footnote to Hans' "Improving trust and flexibility
in interactions between Android apps" blog post³ as it mentions custom
permissions as a means to gate access to Activities.

- Daniel

[1] http://commonsware.com/blog/2014/02/12/vulnerabilities-custom-permissions.html
[2] https://github.com/commonsguy/cwac-security/blob/master/PERMS.md
[3] https://guardianproject.info/2014/01/21/improving-trust-and-flexibility-in-interactions-between-android-apps/

Copy

Also available in: Atom PDF

Developer Libraries » Trusted Intents

Issues

Custom queries

Task #3608

incorporate Mark Murphy's research

History

#1 Updated by hans about 2 years ago