> App security for other platforms generally involves code analysis to see what it does, rather than denying access to APIs. But Google made a decision to restrict APIs ...
oh, you would simply statically analyze the javascript to know if it's bad. intriguing
Conversation
there's an appeal to the code review processes of app stores, like they're good. and then i see infosec people playing along like this is tractable
2
1
26
Replying to
The approach of moving to a declarative content filtering API instead of extensions using invasive access to every web page is an important improvement even if you trust the developers of the extensions. They're currently opening up weaknesses in the site isolation sandbox.
There has been a ton of work to make the process boundaries into internal security boundaries by implementing the semantic isolation between sites and the restrictions on them at the process level. Extensions run as one process messing around with all of them at the same time.
1
Exploiting an extension can be an easy way to escape from the site isolation sandbox and get control of other sites. They also introduce side channels and defeat work being done on network key isolation partitioning for connection pools, cache, etc. since they don't bother.
1
1
2
Show replies