Hey Dom, Thanks for your comment. I agree that some scenarios are unlikely. Its real danger, as you've identified, is that unexpected behaviour can lend credence to an otherwise obvious attack. For example, if you take a look at this fake "Android virus alert" - how much more convincing would it be if the phone vibrated with its "alert"? It will be interesting to see how this develops - and I look forward to reading more about the permissions model. T