[...] the Policy must always obfuscate the data before storing it, using a key that is unique for the application and device. Obfuscating using a key that is both application-specific and device-specific is critical, because it prevents the obfuscated data from being shared among applications and devices.
However, in order to get a truly device-specific identifier requires extra permissions:
Note that, depending on the APIs you use, your application might need to request additional permissions in order to acquire device-specific information. For example, to query the TelephonyManager to obtain the device IMEI or related data, the application will also need to request the android.permission.READ_PHONE_STATE permission in its manifest. Before requesting new permissions for the sole purpose of acquiring device-specific information for use in your Obfuscator, consider how doing so might affect your application or its filtering on Android Market (since some permissions can cause the SDK build tools to add the associated ).
So it's easy to see how permissions can be declared for something innocuous but used for something nefarious.
NOTHING has access to the physical disk directly unless it is a program coming off of the physical media that the machine was booted with (An OS installation ISO).
1. copy malware executable to system disk
4. write to MBR
it's interesting to see the large flow of interconnected retweets in just one hour
I think the visualization of a slashdotting is more interesting.
It looks like this: Network Error (tcp_error) A communication error occurred: "" The Web Server may be down, too busy, or experiencing other problems preventing it from responding to requests. You may wish to try again at a later time. For assistance, contact your network support team.
stole US$930,000 of goods from the storage giant's North Carolina factory
Storage. They make storage.
If I had gone door to door pretending to be with your bank and requested any of your credit cards, you'd either be considered an idiot and/or I could be charged with some form of fraud.
I would argue that you're an idiot if you respond to phishing e-mails.