Tuesday, December 15, 2009

[android-developers] Re: Override in call-screen - Security Bug or Feature?

The call screen has been secured on the Motorola Droid from launching
an activity when an event is detected.

I have tried to fire the home activity and then launch my activity,
but it is still blocked. However, I can open other applications from
the home screen.

Any ideas to get my activity to display during a call? It has been
working until the Droid was released. Even testing through the
emulator works fine. Just not on the Droid.

Is it possible to find a solution similar to installing APKs from
unknown sources?
If the user must manually approve access to the in-call screen, is the
security concern reduced?

The ability to provide customized information or actions to users
depending on their needs would be very useful.

On Nov 9, 10:17 am, "Fred Grott(Android Expert, http://mobilebytes.wordpress.com)"
<fred.gr...@gmail.com> wrote:
> Seems to me if we could come up with a pleasant icon of warning that
> it is not the default call-screen that may alleviate some problems
>
> have the icon clickable with an information screen/toast
>
> On Nov 4, 4:24 pm, Jarman <jarman.andr...@gmail.com> wrote:
>
> > Sorry, I meant "she" of course, too fast on the keyboard :)
>
> > This has been resolved, it's not a bug. This is the response I got
> > when I reported it as a possible security issue:
>
> > It depends on what you mean by "override the in-call screen".
>
> > In the discussion groups this *usually* comes up when someone wants to
> > totally replace the in-call UI with a new design (which should still be
> > fully functional, but just look different.)  This unfortunately isn't
> > possible in Android 1.x or 2.0 because 3rd party apps aren't (yet) allowed
> > full access to the telephony APIs.
>
> > But you're just talking about the ability to pop up some other activity on
> > top of the in-call UI.  Looking at your app's description, I assume it
> > listens for incoming call events, and then eventually launches some other
> > activity on top of the in-call screen.  Sure, there's nothing preventing
> > this; any 3rd party app (with appropriate permissions) can launch new
> > activities whenever it wants.
>
> > (You're right that a malicious app could do this and be extremely
> > annoying, but the user can always hit HOME, and get back to the real
> > InCallScreen by pressing the green button or selecting the in-call
> > notification.)
>
> > Also FWIW, this app (and the similar ones also in the market) do require
> > at least a couple of permissions marked as "dangerous", so at least the
> > user will see a warning before installing it...
>
> > Bottom line: no security hole here.  It's possible for an app (with the
> > right permissions) to be annoying, but even so it's still fairly easy for
> > the user to recover.
>
> > On 4 Nov, 20:15, Disconnect <dc.disconn...@gmail.com> wrote:
>
> > > Didn't the whitepages app come out in the very very first days of the
> > > market with this capability? (I didn't use it much, at the time there
> > > was no 3g in this area. Plus, submitting incoming phone #s to a 3rd
> > > party service was really skeevy.)
>
> > > As an aside, Dianne is a girl's name. :)
>
> > > On Wed, Nov 4, 2009 at 10:47 AM, Jarman <jarman.andr...@gmail.com> wrote:
> > > > I just had a private mail-discussion with Dianne Hackborn and he asked
> > > > me to put this issue on the Developer forum for further discussion.
>
> > > > I have managed to override the in-call screen from the Java API (i.e.
> > > > not modifying the source).
> > > > (If you want to see it happen, download Jarmans ReverseLookup from the
> > > > Market, it's free)
>
> > > > Reply from Dianne:
> > > >>> It can't be done in a supportable way without modifying the source.  I don't know how you went about your
> > > >>> solution, but there is probably a good chance that it would be broken in a future version of the platform.
> > > >>> Actually there could even be a chance of it being deliberately broken if security concerns get raised (disrupting the
> > > >>> standard in-call information like this without the user approving is something that is likely to get filed as a
> > > >>> security bug in the platform).
>
> > > > What do you think about this?
>
> > > > Best Regards
> > > > Jarman
>
> > > > --
> > > > You received this message because you are subscribed to the Google
> > > > Groups "Android Developers" group.
> > > > To post to this group, send email to android-developers@googlegroups.com
> > > > To unsubscribe from this group, send email to
> > > > android-developers+unsubscribe@googlegroups.com
> > > > For more options, visit this group at
> > > > http://groups.google.com/group/android-developers?hl=en
