Indeed, an update can't be more malicious than the permissions allow it to be. Y... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		bmacho 6 days ago \| parent \| context \| favorite \| on: Android developer verification: Early access start... Indeed, an update can't be more malicious than the permissions allow it to be. You have a calculator app with limited permissions, it is "safe" to set to allow the developer to update it. No danger in that. But I don't think it is enough, or it is the right model. In other cases, when the app has dangerous permissions already, auto-update should be a no-go.

cesarb 6 days ago [–]

> Indeed, an update can't be more malicious than the permissions allow it to be.

...in the absence of sandbox escape bugs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact