Google’s Bouncer malware detection system might not be as strong as the Chocolate Factory hopes, with a pair of security researchers demonstrating flaws in the system. Duo Security’s Jon Oberheide and Charlie Miller, preparing a presentation for this week’s SummerCon in Brooklyn, have demonstrated that it’s possible to slip a …
Sadly, when something becomes so popular there are those that want to exploit it.
I would love to see a system whereby it remains open source but the apps themselves are individually walled away from the operating system so that they cannot access anything but themselves.
Would this mean an Apploid or andrapple OS?
I think I'm at risk of being taken away by the men in white coats.
The problem with such walls is that they need holes
Say you write a picture-munging application. It clearly needs to be able to read the pictures already on the phone as well as take photos with the camera, and it needs to save the results back to the picture gallery.
Equivalent examples exist for a lot of things.
The obvious solution is for more granularity in permissions - you may see my picture collection but not my sounds library etc.
More importantly, we need the ability to deny a particular permission to the application, e.g. it gets an empty and volatile persistent storage.
It's been invented before
It's called Symbian, but apparently it's yesterday's mobile OS.
android already does this
"Because Android sandboxes applications from each other, applications must explicitly share resources and data. They do this by declaring the permissions they need for additional capabilities not provided by the basic sandbox."
Anything you shove on the SD card, however, is fair game...
As for Bouncer, it will be trivial for Google to fingerprint apps to see if they are trying to work out if they are running in the emulator, or indeed remove the qemu reference from the VM.
Either way, I would expect this not to work by the time they try and demo it...
Re: android already does this
Not really. Inter-application communication has very tight granularity, but application-to-phone permissions are still quite big buckets:
It's a little odd, as there are a few very fine-grained permissions, while most are very large buckets. E.g. location info has several different permissions, while others let the app do pretty much whatever it wants to "X".
It's still not possible to deny an application a permission while still running it, or alter permissions after installation - for example, almost every social network app seems to want GPS location. What if I don't want it to have my location but am happy for everything else?
Or even more common, I'm happy for it to use the Internet but not for it to use my phone or SMS/MMS. When abroad it's easy to kill Internet, but not possible to kill phone/SMS/MMS.
Joe & Charlie vs The Chocolate Factory?