[guardian-dev] Proposal for Secure Connection Notification on Android

[Nathan of Guardian]

On 11/15/2012 10:40 PM, Mark Murphy wrote:
> I am not completely clear on what feedback you are seeking, so here
> are my two cents' worth...
Mostly I want to know if someone else has already thought about or
worked on this, and in addition how this could be improved or fixed if
broken.
> Do I want to know who your graphic designer is for the custom icon? Yes. :-)
The key? Hmm. I will have to remember!
> Is it likely to work well with long-lived connections? Not really
> IMHO. Users will eventually "tune out" the Notification if it is there
> all of the time.
Yes, long-lived connections are a problem.
> One thing that might be useful is to have a different icon if the
> foreground app has a secure connection, versus whether it is purely
Great idea.
> That will be somewhat difficult to implement, as by default N separate
> apps will wind up with N separate notifications. Coordinating this --
> electing some app to be the "manager" of the shared Notification --
> will be tricky. Probably not impossible, but tricky. 
Right. I suppose we could do it via a public intent on a separate app,
right?

> Exploiting a privacy flaw isn't a great solution IMHO, particularly
> under the circumstances. I'm hoping we can get rid of the netstat
> privacy leak, not make it more pronounced. App A should not be able to
> know who or what App B is talking to, outside of rooted devices or a
> dedicated permission, IMHO. 
Yes, I am curious why this is possible to do w/o any permissions. Just
one of those Android things perhaps.

+n