tlug.jp Mailing List Archive
Re: [tlug] Skype or Something Better?
- Date: Wed, 22 Feb 2017 16:59:33 +0900
- From: AbH Belxjander Draconis Serechai <belxjander@example.com>
- Subject: Re: [tlug] Skype or Something Better?
- References: <8b06da7d-760d-8b07-1823-1337b66f0f36@dcook.org> <b6e65e75-c32d-c07d-d9e2-4c55186c7916@gmail.com> <9d08be19-5dd5-0ed6-6f4b-69cf2ee3f4f2@dcook.org>
If potentially an attack vector, then thinking ahead and asking for a bunch of permissions that are not directly used up-front breaks any permissions-firewalling aspect in advance of updates that are actually of any danger to the user.
Considering that app updates over the Google Play infrastructure only ask for any additional permissions when they are added, asking upfront allows for "silent" updates later (this is a policy-level bypass), and anything includable as a plugin in this way can be effectively outside the application and yet still included functionally within it "on demand".
That's for any potential bad-actor use-cases.
Asking for way more permissions as a developer overreach is also a possibility.
It is also possible that they started with everything permissible, developed the app, and haven't trimmed the permissions back to essentials only.
This allows for the 2nd case, along with the potential (ab)use case outlined initially.
On 22/02/2017 2:27 AM, "Darren Cook" <darren@example.com> wrote:
> A lot of my clients are now requiring a Whatsapp account for
> communicating with their reps. The "good" program that would run as a
> Linux standalone was forced off the net by Whatsapp's lawyers, but there
> is still a good plug-in (?) that allows you to run the web app as a
> separate window. The one BIG problem is that you need a keitai with a
> camera for setup, it needs to be left idling while you're online /
> waiting for calls, and the keitai should be running off your WiFi...
BTW, what is the reasoning behind this?
I.e. I have to install an app on my cheap Chinese-built Android phone,
and the app requires permission to poke into just about everything. And
then the desktop version (Linux WebApp or native Windows/Mac app, as far
as I can tell) is basically acting as a dumb client connecting to a
server running on my phone. (IIUC?) That is so weird, there must be a
good reason for it.
Is it about tying it to a phone number? Is this for regulatory purposes,
or as part of the security aspect?
Darren