No need to summarize either of the papers you read. 1) In Unix/MacOSX/Windows, each application has a set of permissions based on the permissions of the user who ran it. In Android, each application has its own set of permissions that is specific to the application (regardless of who is using it). Describe how Android's design choice helps with security. 2) Suppose 10% of Android users (the "experts") pay attention to permissions, understand them, care about them, and act on them. The first paper hypothesizes that it is possible this might be enough to protect most users, if when experts detected a sketchy app they wrote negative reviews or spread the word about that app. Suggest an experiment you could perform to empirically test whether this hypothesis is true. 3) Suppose Google wanted to adopt trusted UI into the Android platform, for permissions where the second paper suggests using trusted UI. Describe one factor that may make it hard for Android to adopt it today. Can you estimate how serious this would be, based on the data in the paper? 4) What's the one thing you'd most like us to discuss in class today?