top | item 33284143


dougk16 | 3 years ago

Google does some pretty surprising levels of static analysis of compiled source, particularly surrounding their API usage. There are a few examples I've run into but the first that pops to mind is when they started requiring a yes/no confirmation dialog before allowing a user to access a non-https resource through the WebView. There was no way a human was running into that on the particular app I was working on. We're not talking advanced static analysis but it's not a simple decompile and grep either.

In another case I had accidentally left some dead/debug AWS access credentials in a build and they sniffed those out too. Notable since that's not even Google-related. They had to have been looking for a particular AWS library method signature and how it was fed. I would bet on their static analysis getting more advanced, in which case it could also be used to prove that OP is using APIs/permissions in a safe manner. But of course they're not incentivized to do that.
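An added illustration of the two checks described in the comment above (not the commenter's code, and not anything Google has published): a small scanner over decompiled Java-style source that does one level of constant propagation, so it can see what value is actually fed into `BasicAWSCredentials(...)` (the real AWS SDK for Java constructor) and into `WebView.loadUrl(...)`, rather than just grepping for strings. The sample source is constructed here; the credential values are the placeholder pair from the AWS documentation, not real keys. The string-assignment and call patterns are regexes written for this example and are an approximation of what a real analyser would do on bytecode.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of decompiled Java (jadx-style). Not from any real app.
# Key ID / secret are the AWS documentation placeholder credentials.
SAMPLE_SOURCE = """
package com.example.app;

import com.amazonaws.auth.BasicAWSCredentials;
import android.webkit.WebView;

public class Sync {
    private static final String KEY_ID = "AKIAIOSFODNN7EXAMPLE";
    private static final String SECRET = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY";
    private static final String HELP_URL = "http://help.example.com/faq";
    private static final String API_URL = "https://api.example.com/v1";

    void init(WebView wv) {
        BasicAWSCredentials creds = new BasicAWSCredentials(KEY_ID, SECRET);
        String target = HELP_URL;
        wv.loadUrl(target);
        wv.loadUrl(API_URL);
        wv.loadUrl("http://legacy.example.com/");
    }
}
"""

# String x = "literal";  or  String x = OTHER_NAME;
ASSIGN_RE = re.compile(r'String\s+(\w+)\s*=\s*("([^"]*)"|(\w+))\s*;')
# AWS access key IDs: AKIA (long-term) / ASIA (temporary) + 16 uppercase alphanumerics.
AKID_RE = re.compile(r'(AKIA|ASIA)[0-9A-Z]{16}')
CREDS_RE = re.compile(r'new\s+BasicAWSCredentials\s*\(\s*("[^"]*"|\w+)\s*,\s*("[^"]*"|\w+)\s*\)')
LOADURL_RE = re.compile(r'\.loadUrl\s*\(\s*("[^"]*"|\w+)\s*\)')

Finding = Tuple[str, int, str, str]  # (kind, line, subject, resolved value)


def collect_constants(source: str) -> Dict[str, str]:
    """Map String variable names to literal values, following name-to-name aliases
    to a fixed point so `String target = HELP_URL;` resolves to HELP_URL's literal."""
    consts: Dict[str, str] = {}
    changed = True
    while changed:
        changed = False
        for m in ASSIGN_RE.finditer(source):
            name, literal, ref = m.group(1), m.group(3), m.group(4)
            value = literal if literal is not None else consts.get(ref)
            if value is not None and consts.get(name) != value:
                consts[name] = value
                changed = True
    return consts


def resolve(arg: str, consts: Dict[str, str]):
    """Turn a call argument (quoted literal or identifier) into its string value, if known."""
    if arg.startswith('"') and arg.endswith('"'):
        return arg[1:-1]
    return consts.get(arg)


def line_of(source: str, offset: int) -> int:
    return source.count("\n", 0, offset) + 1


def scan(source: str) -> List[Finding]:
    consts = collect_constants(source)
    findings: List[Finding] = []

    # 1. Any constant that *looks* like an AWS access key ID, wherever it is used.
    for m in ASSIGN_RE.finditer(source):
        value = consts.get(m.group(1))
        if value is not None and AKID_RE.fullmatch(value):
            findings.append(("aws-access-key-id", line_of(source, m.start()), m.group(1), value))

    # 2. Key material actually reaching the SDK constructor (the "how it was fed" check).
    for m in CREDS_RE.finditer(source):
        akid, secret = resolve(m.group(1), consts), resolve(m.group(2), consts)
        if akid and secret and AKID_RE.fullmatch(akid) and len(secret) == 40:
            findings.append(("hardcoded-aws-credentials", line_of(source, m.start()), akid, secret))

    # 3. Cleartext http:// URLs reaching WebView.loadUrl, via literal or via a constant.
    for m in LOADURL_RE.finditer(source):
        url = resolve(m.group(1), consts)
        if url is not None and url.lower().startswith("http://"):
            findings.append(("cleartext-webview-url", line_of(source, m.start()), m.group(1), url))

    return findings


if __name__ == "__main__":
    for kind, line, subject, value in scan(SAMPLE_SOURCE):
        print(f"{kind:26} line {line:3}  {subject} -> {value}")
```

On the sample this reports the key ID constant, the credential pair reaching `BasicAWSCredentials`, and two cleartext `loadUrl` targets (one only visible because `target` is an alias of `HELP_URL`); the `https://` call produces nothing. The obvious gap, and the one the next comment touches on, is anything that crosses into JNI: once a value is handed to a native method this kind of propagation stops.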

chippiewill | 3 years ago

Yeah, it wouldn't surprise me if their static analysis saw the contacts being fed into a native binary (which they would definitely struggle to analyse) and threw up a red flag. From that point everything is futile because no one you can actually talk to at Google is empowered to disable the flag.

saagarjha | 3 years ago

Google generally would have an incentive to not be up in a negative light on Hacker News if they could avoid it, no?

dougk16 | 3 years ago

Google is a vast, schizophrenic organization. They're big enough that they have different teams and internal politics fighting each other all the time. It's not a unified consciousness with consistent incentives. Even if that's a bad take, Google is constantly seen in a negative light on Hacker News. The Google hive-mind doesn't care too much.

aasasd | 3 years ago

I'm not sure what kind of importance you ascribe to HN, but from here outside of SF I feel like Google doesn't give the remotest shit about this gathering, and generally has the feelings sensitivity of a triceratops. Moreover, they're actively undermining power-user workflows on Android—so the attitude can in fact be measured as negative, if only by passing chance.

solardev | 3 years ago

I think Google stopped caring about their reputation long ago. It's all lock-in and advertising increases now.