...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ENV00-J | high | probable | medium | P12 | L1 |
Automated Detection
Detecting code that should be considered privileged or sensitive requires programmer assistance. Given identified privileged code as a starting point, automated tools could compute the closure of all code that can be invoked from that point. Such a tool could plausibly determine whether a body of signed code both includes that entire closure and excludes all other code.
...
Adherence to least privilege [XYN] |
Android Implementation Details
The Android system uses code signing as a means of identifying the author of an application and establishing trust relationships between applications, not as a means of granting elevated privileges to code.
Bibliography
| |
Appendix C, Sign Only Privileged Code | |
|
...