Why are all vendors so irresponsible about this? Uhg.https://twitter.com/SwiftOnSecurity/status/824471753284079617 …
s/request/demand/. But my complaint is more about bad UX failing to remind the user they're on a backdoored device.
-
-
It would be hard to do that since a device admin requesting everything could probably install + enable accessibility services.
-
Accessibility services essentially take precedence over all OS UX. They can draw on top of everything. Also pre-FBE, it [...]
-
[...] disables credential-based encryption, since accessibility apps needs to be available as soon as user input is required.
-
There are quite scary warnings when going into the menus to enable device admins / accessibility services. IMO, device [...]
-
[...] admin is way less of a foot gun than enabling an accessibility service. Would be easy to exploit disabled users via that.
-
So that's another fatal flaw in their privilege model. Doesn't justify another one.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.