- From: Janusz Majnert <j.majnert@samsung.com>
- Date: Fri, 19 Apr 2013 10:14:15 +0200
- To: public-sysapps@w3.org

>> IMHO this should be handled by the system.

> Agree with this point but I'm a little bit doubtful that the following
> reasons are very much relevant.

>> Please consider these situations:
>> - an application was hacked and the original author released an
>> update/fix - the hacked app doesn't display the update information to
>> the user

> Should system inform user to update a 'hacked' application? Perhaps not
> since the application itself is not the original one.

What I meant was that if a legitimate application is somehow maliciously modified after installation (e.g. by script injection), and the legitimate author discovers that and pushes out an update, then we cannot rely on the modified app to show the update notification to the user.

>> - an application was hacked and it shows the user an update
>> notification - the user, accustomed to these kind of notifications
>> from applications downloads/installs another malicious app

> Since the application is already hacked, it doesn't make too much
> difference to update to a newer hacked version.

Again, if a legitimate application is somehow maliciously modified after installation, the attacker could trick the user into downloading and installing more malicious applications, visiting phishing pages etc.

BR/Janusz

Received on Friday, 19 April 2013 08:15:05 UTC