zlacker

[parent] [thread] 4 comments
1. Groxx+(OP)[view] [source] 2025-06-05 18:51:19
self-modification doesn't imply much when you can embed v8 in your app, which they take no issue with at all
replies(2): >>lblume+Kf >>jmb99+ci
2. lblume+Kf[view] [source] 2025-06-05 20:42:23
>>Groxx+(OP)
The difference is that V8 is sandboxed.
replies(2): >>gmueck+Ul >>Groxx+fq
3. jmb99+ci[view] [source] 2025-06-05 21:02:15
>>Groxx+(OP)
The difference is, in theory if DJI were discovered to be doing something malicious, it could be taken down from the Play Store. If 0% of its current users were side loading the application, that means 100% of their users would be unable to install the app the normal way, and there would be substantial friction to migrate them to sideloading (a google of "install dji app" would probably return a bunch of news articles about whatever the problem was before dji's install instructions).

By making it "normal" to install the app via sideloading, there's little Google could do in the event of malicious app behaviour, and the majority of users would not find out about it (at least, not immediately).

◧◩
4. gmueck+Ul[view] [source] [discussion] 2025-06-05 21:28:38
>>lblume+Kf
I haven't seen a single widely used sandbox that has never leaked.
◧◩
5. Groxx+fq[view] [source] [discussion] 2025-06-05 22:12:07
>>lblume+Kf
then replace "v8" with "arbitrary binaries" because that's true too. embed a lisp and do whatever you like, for example. Golang, C, Rust, Dart, etc are all quite common too, and nobody would call C "sandboxed".

all self-modifying really prevents you from doing is stuff like dynamically changing your permissions. which is a broadly reasonable restriction because it'd complicate the approval UI (and the actual enforcement mechanisms) quite a bit further.

[go to top]