
ubuntu-phone team mailing list archive

Re: Calling for Click signing

 

On Wed, 2014-06-18 at 14:39 +0100, John Lenton wrote:
> On 18 June 2014 14:27, Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx> wrote:
> > Idea is to protect from using side load to update existing application with
> > intruder's version to gain access to application private data or phone's
> > resources.
> 
> sorry for being dense, but what's the scenario where you are able to
> sideload while also not being able to just get the data you want off
> of the phone directly?

Yeah, one kind of needs a rooted phone with physical access to be able
to install arbitrary click packages not from the store. In which case,
you are root, and have a phone you can just walk off with anyway.

Signatures aren't to prevent users/developers from being dumb when
rooting their phones and installing arbitrary click packages.


