|
|
|
|
|
|
by jonoberheide
5143 days ago
|
|
|
FYI, it is possible for unprivileged apps to invoke the INSTALL_ASSET functionality themselves. One such example described here: http://blog.duosecurity.com/2011/05/when-angry-birds-attack-... Another variation of that attack is still unpatched, allowing any app to invoke INSTALL_ASSET. Certainly that's not intended functionality and is a bug that will be (eventually) patched, but I wouldn't classify it as FUD. |
|
|