Re: [Execution and Security Model] Proposal from Samsung Electronics

On 26/02/13 09:24, Janusz Majnert wrote:
>>> But I definitely think that our ultimate goal should be to move as
>>> many of the APIs to as low level as possible. Or at least as much as
>>> possible for the various APIs to as low level as possible. So for
>>> example the SMS API might have a subset which is only exposed to
>>> certified apps, whereas the ability to be notified of incoming
>>> messages is exposed to privileged apps, and the ability to read the
>>> database of stored messages is exposed to normal apps. (Just to pull
>>> an example out of thin air).
>>
>> Why would the SMS API be limited to certified applications? A privileged
>> application is an application that has been marked as privileged by a
>> store that has been marked as privileged by the runtime. Why should we
>> expect such an application to not behave correctly? If Firefox OS or
>> Tizen or Webinos trusts a store and that store trusts an application
>> whether because the code has been reviewed or the author is trusted.
> On Android, would you trust all applications available via the Play 
> Store? Or in other words - would you trust all of them the same? Or do 
> you also look at user ratings, download numbers, who the author is, etc?
> You gave a good example in your other email, where you wrote about SMS 
> API being abused by an app that was trusted enough to use it...

I agree with Janusz.

We discussed this issue internally within webinos.  We assume that the 
main value of an app store is in revocation rather than prevention*.  
E.g., it gives the app store the ability to remove a malicious app, not 
prevent it from being present on the app store in the first place.

Unless the app store is charging developers a lot of money to submit an 
application, it won't be cost-effective to review each application for 
malicious behaviour. As a result, malware will definitely get through.  
That's not to dilute the app store's importance: it makes the impact of 
any malware much lower as it would hopefully be removed by the app store 
fairly quickly after complaints are received.  But it is only one of 
several measures.

Best wishes,

John


*Hat tip to Paddy Byers for this particular insight.

Received on Tuesday, 26 February 2013 12:38:46 UTC