LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Android trojan steals keystrokes using phone movements (ars technica)

Android trojan steals keystrokes using phone movements (ars technica)

Posted Apr 27, 2012 17:40 UTC (Fri) by mathstuf (subscriber, #69389)
In reply to: Android trojan steals keystrokes using phone movements (ars technica) by nybble41
Parent article: Android trojan steals keystrokes using phone movements (ars technica)

I think a lot of grief could be spared by splitting some permissions. One such is separating out a "connect to advertisement networks" from "connect to the Internet", or even to have a whitelist of IP addresses or domain names attached to the Internet permission. Another possibility would be to just have applications actually describe what the permission is used for in the manifest file so that the market can display it. I currently have two upgrades waiting on my Galaxy Nexus because they add the "read sensitive logs" permission with no explanation of why it is needed. They also don't really make sense to have the permission in the first place (Google Voice and My Verizon) and there's no explanation.

(Log in to post comments)

Android trojan steals keystrokes using phone movements (ars technica)

Posted May 3, 2012 10:57 UTC (Thu) by robbe (guest, #16131) [Link]

CyanogenMOD allows one to turn off each permission independently. Of course, many apps don't handle denied requests well and will crash... I guess staying at the old version is better than making the application unstable.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds