Donnerstag, 11. November 2010

ScientificPlotter - an security overview

Security has become more crucial nowadays and specially on a mobile phone. Because of that, we want justify the permissions ScientificPlotter claims.

As you can see on figure the figure below, that we tried to keep the permissions as few as possible, basically there are only two permissions we need


This permission came up with a somewhat antiquated idea. Nowadays everything is shared over common ways: email, bluetooth, sms/mms, Picasa and so forth but if you just want to save the plot to your SD Card than this permission allow us to do it. In principle this is only for saving screenshots on your SD Card in a specific folder called ‘ScientificPlotter’.

Network communication

This permission is very important and we use it very dutiful. Well I don’t have to tell you that this permission gives us full Internet access, but what for? We have built in an open-source error reporting framework called ACRA (Application Crash Report for Android). This rather powerful framework is for the case which hopefully never should occur, a bug. When an unexpected error occurred forcing the application to stop, ACRA send a notification to your notification bar, asking you for allowance to send the error report. And because the system is open-source you can convince yourself that it does nothing evil. 

A common error report 
The information we send consists of hardware and software information, as there are the manufacturer, the model, the firmware, the Android version, how many memory was available as the error occurred, when does it occurred and the significant stack trace which give us access to the root of the error. 


As you probably noticed ScientificPlotter is ad-supported by the Mobclix ad-exchange service. To ensure that the advertisement banners are provided properly, the Mobclix SDK needs additional three permissions. These three permissions and their description are extracted from the manual:

Used to retrieve ads

android.permission.GET_ TASKS
Used to determine if the application is the top app, to prevent ads from loading while the app is in the background.

Used to obtain a unique device identifier.

Endian Ogino 

Keine Kommentare:

Kommentar veröffentlichen