Possible security hole for Dialers/trojan horses

mathew davis someoneinjapan at gmail.com
Thu Mar 1 22:12:43 CET 2007


Here are a few options that I have thought of.

What if there was a piece of software that was like an emulator that would
run the binary on your computer before you uploaded it to your phone?  That
would catch certain security flags, or potentially undesired
behavior, letting the user know this binary could cause potentially harmful
effects, then give it a rating of some sort: 1 - being safe/trusted program
and 10 - being known bad binary/ don't use at any cost unless you really
want bad things to happen.

Another option would be to let the phone run it in a virtual mode, where to
the program, for all intents and purposes, it was running on a fully functional
phone.  The program would then catch the outgoing streams, SMS messages, or
any other harmful things the program might or might not do.  It could then
generate a report showing what the program is trying to access and give it a
safety rating on the same 1 - 10 scale.

Of course the safest bet would just be a web site that had fully tested and
approved programs for the Neo that users could find easy to use and had the
programs that they were looking for, and then inform users of the dangers of
not using trusted software.  Then put the responsibility on the user.

Ultimately this is an open phone and we are trying to make it as open as
possible.  We don't want users to easily be able to shoot themselves in the
foot and have a bad experience with the phone, but at the same time we don't
want this to turn into some kind of Windows system where you have to jump
through 50 hoops to get what you know is fine to work.  Eventually it will
come down to the user.  We can have websites, forums, and blogs that help
inform users about dangers and help them fix some of the damage they might
have caused.