Task #3608

incorporate Mark Murphy's research

Added by hans over 3 years ago. Updated about 2 years ago.

Status:NewStart date:07/28/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Component:

History

#1 Updated by hans about 2 years ago

The always clear spoken Mark Murphy wrote an interesting blog
post1 & analysis2 of custom permissions in Android. Specifically how
the interaction between apps defining custom/signature permissions can
be subverted in subtle ways based on the order of application install.

Might be worth adding as a footnote to Hans' "Improving trust and flexibility
in interactions between Android apps" blog post3 as it mentions custom
permissions as a means to gate access to Activities.

- Daniel

[1] http://commonsware.com/blog/2014/02/12/vulnerabilities-custom-permissions.html
[2] https://github.com/commonsguy/cwac-security/blob/master/PERMS.md
[3] https://guardianproject.info/2014/01/21/improving-trust-and-flexibility-in-interactions-between-android-apps/

Also available in: Atom PDF