Why are all vendors so irresponsible about this? Ugh. https://twitter.com/SwiftOnSecurity/status/824471753284079617
Replying to @RichFelker
Device administrators request permissions like anything else. Device admin is essentially a higher tier permission category.
Replying to @CopperheadOS
s/request/demand/. But my complaint is more about bad UX failing to remind the user they're on a backdoored device.
Replying to @RichFelker
It would be hard to do that since a device admin requesting everything could probably install + enable accessibility services.
Replying to @CopperheadOS @RichFelker
Accessibility services essentially take precedence over all OS UX. They can draw on top of everything. Also pre-FBE, it [...]
Replying to @CopperheadOS @RichFelker
[...] disables credential-based encryption, since accessibility apps need to be available as soon as user input is required.
Replying to @CopperheadOS @RichFelker
There are quite scary warnings when going into the menus to enable device admins / accessibility services. IMO, device [...]
Replying to @CopperheadOS @RichFelker
[...] admin is way less of a foot gun than enabling an accessibility service. Would be easy to exploit disabled users via that.
So that's another fatal flaw in their privilege model. Doesn't justify another one.