ubuntu-phone team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 14-06-18 10:33 AM, Rodney Dawes wrote:
> On Wed, 2014-06-18 at 14:39 +0100, John Lenton wrote:
>> On 18 June 2014 14:27, Ondrej Kubik <ondrej.kubik@xxxxxxxxxxxxx> wrote:
>>> Idea is to protect from using side load to update existing application with
>>> intruder's version to gain access to application private data or phone's
>>> resources.
>>
>> sorry for being dense, but what's the scenario where you are able to
>> sideload while also not being able to just get the data you want off
>> of the phone directly?
> 
> Yeah, one kind of needs a rooted phone with physical access to be able
> to install arbitrary click packages not from the store. In which case,
> you are root, and have a phone you can just walk off with anyway.
> 
> Signatures aren't to prevent users/developers from being dumb when
> rooting their phones and installing arbitrary click packages.
> 

You don't need a rooted phone to be able to install click packages. The regular
phablet user can install any package they want.

Marc.