General Android Security Question...

[billyk]

I had a long thread on security earlier this year regarding the use of apps intended to protect your Droid if stolen. Now I've another question/concern.

Given the fact that...
- We have apps on our Droids with varying levels of permissions
- Our Droids are connected to the 'net 24/7
- Many of us have encrypted password safe databases on our Droids

... can an app (ostensibly performing some non-threatening purpose) locate these db's on our Droids and transfer them over the 'net back to app developers without us knowing about it?

-bk

 

[billyk]

any thoughts?

 

[poloman]

I'll bet your concern has some validity. The real issue is...what do you have to steal? If you have a lot, you may want to limit your apps.

Sent from my DROIDX using DroidForums App

 

[billyk]

I do limit my apps, just for this purpose. Like a lot of other password safe users, I've got hundreds of website id/passwords. Someone with malicious intent could wreak havoc on person's life if they have full access to that stuff.

Thankfully, I did noodle this back when I first got my D1, and I made a separate db with bank information that does not go on my D1.

 

[takeshi]

... can an app (ostensibly performing some non-threatening purpose) locate these db's on our Droids and transfer them over the 'net back to app developers without us knowing about it?

Theoretically, many things, including this, are possible. We could play "what if" and come up with all sorts of crazy scenarios ad infinitum.

 

[billyk]

Ok. Didn't think this was such a remote possibility given the complex behaviors in common virus apps. But if it is, that's a good thing.