Possible security hole for Dialers/troyan horses

Jonathon Suggs jsuggs at murmp.com
Fri Mar 2 00:03:47 CET 2007

Tomasz Zielinski wrote:
> 2007/3/1, mathew davis <someoneinjapan at gmail.com>:
>> then give it a rating of some sort 1 - being safe/trusted program and 
>> 10 -
>> being known bad binary/ don't use at any cost unless you really want bad
>> things to happen.
> Well, nobody will recognize difference between rating 2 and 3 or 6 and
> 7. I think set of three values is sufficient: 1 - allow network/GSM
> activity, 2 - ask every time app is trying to open connection/send
> SMS/make voice call, 3 - ban without asking.
> I wonder if OpenMoko system/library calls can be overriden or catch at
> layer which will be able to show dialog popup for setting 2.
I really like that idea.  That could be a standard part of EVERY 
installed app (outside of trusted OpenMoko apps).  Just one more step in 
helping users not shoot themselves in the foot.

As far as the implementation.  If this is the way we wanted to proceed, 
then yeah its possible, but would require a decent amount of work that 
would have to get incorporated into the main trunk.  As a general rule, 
anything is possible.  But it comes down to how much time/effort would 
it require, and if people are willing to put in that time/effort.

More information about the community mailing list