Hacker News new | past | comments | ask | show | jobs | submit login

But all you need is that one person to side load something malicious and everyone in their contacts may be compromised.



No no. I'm talking about keys to my phone alone. If I choose to trust my own certificate then that only impacts what software I can run on my phone. An app cannot "sideload itself onto all your contacts". This extends to the OS itself. Let me change the certificate governing the OS software. Only once you allow that do I truly own my phone.


2muchcoffeeman doesn’t say apps will migrate to other phones.

(S)he implies that your friend’s phone being compromised will leak data about you (email address, physical address, birth date, mails you sent, etc)


If you give your friend that data, it's out of your hands. If you don't want your email address or birthdate to be known, don't give it to anyone.

I pretty much opertate from the point of view that anything I send in an email or text is public, and temper what I write accordingly.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: