The level of transparency about which APIs a particular app uses on the iPhone is not particularly good. I have a feeling that some apps and libraries, particularly advertising/analytics solutions, have been abusing this fact.
The Android system of notifying the user exactly which APIs are being used by an app, prior to install, seems like a step in the right direction.
The talk mentions that class unmarshalling, encrypted payloads, and other tricks make this a very hard problem. The truth is that code-based analysis can only go so far, especially when what you're looking for will be deliberately obfuscated. The legal barriers that mechanical_fish brought up are probably far more effective.