This effectively tells every application on the device that there is a TDH running. Knowing the address isn't particularly useful since the app since needs to be authorized before it can actually do anything. But this is leaking data about the existence of the TDH on the device and its address. Although once we fix #41 we will only advertise the local address and nothing else so the amount of data leaked is quite small. I still suspect that once we do a security review this will have to be changed to something a bit more private. A service binding might work since I believe you can specify who has permissions to do such a binding. That way only apps that are authorized to know there is a TDH will know it's there.
yaronyg
commented
10 years ago
This effectively tells every application on the device that there is a TDH running. Knowing the address isn't particularly useful since the app since needs to be authorized before it can actually do anything. But this is leaking data about the existence of the TDH on the device and its address. Although once we fix #41 we will only advertise the local address and nothing else so the amount of data leaked is quite small. I still suspect that once we do a security review this will have to be changed to something a bit more private. A service binding might work since I believe you can specify who has permissions to do such a binding. That way only apps that are authorized to know there is a TDH will know it's there.