The whole problem with security is that it's often difficult to tell whether all steps of what are happening now align with the device owner's true intent--
* Is it the device owner providing the direction to do this?
* Will the input being consumed as a result of this direction result in actions that the device owner approves of?
etc.
A kind of blanket assumption that everyone and everything is the adversary is a good starting point. The system needs to protect itself, in order to be able to faithfully follow the owner's instructions in the future.
* Is it the device owner providing the direction to do this?
* Will the input being consumed as a result of this direction result in actions that the device owner approves of?
etc.
A kind of blanket assumption that everyone and everything is the adversary is a good starting point. The system needs to protect itself, in order to be able to faithfully follow the owner's instructions in the future.