Secure usage data (how?) #1140
Comments
|
Usage data cannot be retrieved by any other application than XPrivacy itself. |
|
Let me ask this question as someone who does not develop in Java and is not familiar with the really deep bowels of the Android security model. Under XP's current architecture, is usage data recording an app asking permission to do something (i.e. Mom, can I go outside?), just testing their boundaries (i.e. checking if the door is unlocked) or actually attempting to do something (i.e. trying to open the door)? In my opinion, the first is just bordering on annoying, the second is cause for concern and the third is very serious, indeed. |
|
When you apply the hooks to an app, you could inject into the hook code a That would probably also open the door to per package restrictions. |
|
A call to getRestriction is only for asking permission. On 22 January 2014 00:12, wbedard [email protected] wrote:
|
|
I see...and I take it that either XPosed and/or XPrivacy don't allow you to monitor an app more closely (i.e. what it actually does rather than what it asks permission to do)? |
|
I think it probably depends on whether the relevant hook acts before or after the android function. |
|
I think I am beginning to see what you want to know. |
|
Hmmm, let me ask this then? Under the current model, if XPrivacy tells an app "No" or, perhaps more commonly, tells an app all about the Tooth Fairy, Easter Bunny, etc, that app isn't able to sneak around us or "Google" the real info, is it? If it's not, then I not sure there's a strong enough need to ensure the usage data is more "accurate.". If apps are able to go around XP, that's certainly more serious. |
|
Some functions can be circumvented by using others. For example, Build.prop stuff can be found via shell. The problem would be if you tried an app, it FCs, and when you check usage you see yellow triangles everywhere, you wouldn't know what to allow. That would be annoying, but relatively harmless, unless you lost patience and unchecked everything. |
|
Aha, now that is a very good "threat" to understand. However, at some point, there's only so much XP can do to protect a user from themselves. With each app, a user needs to make the decision about what info they are willing to make available. If the app is coded to not function in the absence of that info, the prudent choice might be to contact the developer of the app. However, we all know people who run anti-virus software (because they know they're supposed to...) but click allow at every prompt of whether some program should be allowed to run. Quite frankly, such a user would be better off not running XPrivacy and probably shouldn't even be rooting their phone. In the case of a "poorly behaved app" such as you describe, the correct choice would almost certainly be to uninstall the app...:>) |
|
I wouldn't say "Poorly behaved", I'd say "Badly behaved", and if the developer is willing to go that far, then I'm not sure I'd trust him at all. |
|
I completely agree! |
Can you describe the "threat model" you would like to defend against? That would help bound the discussion of how to accomplish your goal.
The text was updated successfully, but these errors were encountered: