
Check your smart phone app permissions

Discussion in 'News and Current Events' started by DeathHamster, Dec 12, 2013.

  1. DeathHamster Member

    http://www.techrepublic.com/blog/it-security/why-does-an-android-flashlight-app-need-gps-permission
    ^^ Writer doesn't ask why a #$%@ flashlight app would need to uniquely identify your phone, need network access or access non-app storage. Camera is probably needed to access the camera flash LEDs.

    I've either deleted or not downloaded apps which required unjustified permissions. (Sometimes the developer is just being sloppy. Do not want apps by sloppy developers.)
    • Like x 3
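The check described in the first post, as an added example that is not part of the original thread: it parses the text printed by `aapt dump permissions <apk>` and lists every requested permission a flashlight app has no stated reason for. The package name, the sample dump, the `JUSTIFIED` allowlist and the mapping from the post's concerns to Android permission names are assumptions made for this illustration.

```python
import re

# Assumption: the only permissions a flashlight app can justify.
# CAMERA reaches the flash LEDs, as the post notes.
JUSTIFIED = {
    "android.permission.CAMERA",
    "android.permission.FLASHLIGHT",
}

# Concerns raised in the post, mapped to the permissions that grant them.
CONCERNS = {
    "android.permission.READ_PHONE_STATE": "uniquely identifies the phone",
    "android.permission.INTERNET": "network access",
    "android.permission.WRITE_EXTERNAL_STORAGE": "non-app storage",
    "android.permission.ACCESS_FINE_LOCATION": "GPS location",
}

# Accepts "uses-permission: name='X'" and the older "uses-permission: X".
_PERM = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the requested permissions in order, without duplicates."""
    perms = []
    for line in dump.splitlines():
        m = _PERM.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def unjustified(dump, justified=JUSTIFIED):
    """Return (permission, concern) pairs for everything outside the allowlist."""
    return [(p, CONCERNS.get(p, "no stated reason"))
            for p in parse_permissions(dump) if p not in justified]

# Constructed sample output for a hypothetical flashlight app.
SAMPLE_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.FLASHLIGHT'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_PHONE_STATE'
uses-permission: android.permission.ACCESS_FINE_LOCATION
uses-permission: name='android.permission.WRITE_EXTERNAL_STORAGE'
"""

if __name__ == "__main__":
    for perm, why in unjustified(SAMPLE_DUMP):
        print(f"{perm}: {why}")
```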
  2. Kilia Member

    What does the WWP app say?
  3. DeathHamster Member

    I've never used it (browser works fine for me). Here's what's listed in Google Play Store:
    Explanation of the reasons for some permissions:
    https://contacts.zendesk.com/entries/23708306-Android-Permissions-Explained
    • Like x 1
  4. Kilia Member

    Thank you for the info DH. Much appreciated.
  5. Why in the fuck would WWP "need" this?
  6. Anonymous Member

    We use it to keep up with the OSA bot infestation. Easier to track them with my dear!
    • Like x 2
  7. muldrake Member

    Motherfucker! These assholes got me. It's deleted now.
    • Like x 1
  8. Anonymous Member

    Need what?
  9. DeathHamster Member

    At a guess, to support multiple accounts on WWP?
  10. ...yet sockpuppets are not allowed here ......
    • Dislike x 2
  11. DeathHamster Member

    Really? Who says?
    • Like x 1
    • Dislike x 2
  12. Anonymous Member

    Mods are sock puppets.
    • Like x 2
    • Dislike x 2
  13. DeathHamster Member

    Hmm. Looks like Google is allowing users to change app permissions after installing. (As of KitKat 4.4) That's good but I guess I'll have to add checking rather than assuming a permission is available.

    http://www.techrepublic.com/blog/so...-get-ready-for-fine-grained-user-permissions/
    • Like x 1
  14. Anonymous Member

    HAHAHhahahahAHAHAH
  15. DeathHamster Member

    In light of the leaks about NSA operations, it occurs to me that there is a vulnerability in Android phones.

    With apps downloaded from the Google Play Store, you have the option of auto-updates or telling you that there is a new update and letting you get the update yourself. It also warns if there is a permission change before installing even if it's set for auto-update.

    However, all of that is done on Google's end. When Google finally says "Phone, here's an update", phone says "Yes sir!" and installs it, regardless of any permission changes.

    So it would seem that Google, or someone pretending to be Google by redirecting traffic between the phone and Play Store, could install anything they wanted disguised as an update. I'm sure that there's all sorts of encrypted handshaking going on before an update will happen, but when someone like the NSA can do a very sophisticated man-in-middle attack, and has access to Google's internal network traffic .. well, I don't know if that's secure.

    Normally there's a notification on the phone that there's been an update, but a trojan update with elevated permissions could clear that.

    I'm saying Android because that's what I'm familiar with. I wouldn't count on iPhones, Blackberrys or stuff like Windows update and sudo apt-get update being any more secure that way.
    • Like x 2
  16. Quentinanon Member

    I agree on the man in the middle attack scenario. However,.....
    If you have a rooted Android, you can arbitrarily change permissions on executables, files and directories. You can also use iptables to determine which apps have internet access. You can also survey which apps push ads, for who and what the ad parasite does with your identity and location information. You can then remove accordingly.
  17. DeathHamster Member

    And if a trojan update with its own rootkit got in there, that could be lies.
  18. Quentinanon Member

    That's true. The firmware could be trojaned. Did you hear Jake Appelbaum's presentation in Berlin at the CCC Messe?
