I was wondering, is it possible to access what the INTERNET permissions grants, without actually requesting that permission?
Environment: rooted Android phone from API 15 (Android 4.0.3) to the newest one at the time of the answer and app as system app with privileged permissions. No signature permissions, but supposed I have them too. Just ANY way.
I'm asking this not to do some stupid stuff (hopefully no one that reads this will do, if there are any positive answers). Asking because I'm making an assistant app which is supposed to control the entire phone if needed, and requests many permissions. If the INTERNET one is not one of them, if I publish it on some store, people could be relaxed about privacy, since I can't send anything out - or can I still...?
If I can, I'll just let them know there's no way to be sure I won't steal their privacy except by trust (I guess? Or there's some other way I didn't think of?). If there's no way, well, done. Easy. Just don't include it and it's fine about privacy (would have to think about ads, but that's something else - reduced and full version or something).
Related
I have a few questions about privacy protection on Android and iOS. I've looked at Android documentation, but as a beginner I am not sure if I understand correctly (I put my understanding in square brackets). Especially, not finding the obvious way does not mean there are no workarounds to get the same information. Therefore, could any developer give advice on the following questions? Answers about iOS are also appreciated.
Can the user allow an app to use the microphone/camera/location only once (i.e. the system should always ask the user every time this app needs access)? [No, the "never ask again" option in the dialog is not meant for this purpose.]
If microphone/camera/location permission is given to an app, can it access these while in background? [Yes.]
Is it possible for an app (running in foreground) to obtain the list of other apps currently running or installed on the device? [Yes for installed ones, not sure about currently running ones.]
Can an app in background know what other apps are currently running and which one is in foreground? Can it possibly figure out whether the user is using the phone? [Not sure.]
Can an app (apart from the OS itself) take screenshots? [No.]
With regards to Android:
Can the user allow an app to use the microphone/camera/location only once (i.e. the system should always ask the user every time this app needs access)?
Not directly. They could have this effect by granting the permission, using the app, then going into Settings and revoking the permission. I suspect that few people do this. Offering a one-time-use-only option directly in the runtime permission dialog is an interesting option, though I suspect that Google would pass on it as making the flow too complicated.
If microphone/camera/location permission is given to an app, can it access these while in background?
Locations, yes, though with some limits on Android 8.0+ (for power savings). Microphone/camera, yes, though reportedly no longer starting with Android P.
Is it possible for an app (running in foreground) to obtain the list of other apps currently running or installed on the device?
Installed, yes. Running, not really, on newer versions of Android.
Can an app in background know what other apps are currently running
See above.
and which one is in foreground?
Not really, on newer versions of Android.
Can it possibly figure out whether the user is using the phone?
You can tell if the screen is on. IMHO, "whether the user is using the phone" has lots of possible definitions.
Can an app (apart from the OS itself) take screenshots?
I do not know how you are drawing the distinction here. An app can request screenshots and screen recordings through the media projection APIs on Android 5.0+, though this involves user acceptance. This acceptance is a one-time-per-process thing, so the user would have to grant access again in the future (akin to what you were seeking for microphone/camera/location).
I am getting very conflicting information regarding the use of android.permission.READ_LOGS Android permission. Firstly, the Android Documentation website does not specify the protection level of this permission. It is neither classified as normal, nor dangerous. They do specify the following:
"Not for use by third-party applications, because Log entries can
contain the user's private information."
Some websites say not to use it for the same privacy concerns.
However I have some issue with that:
When I tested this permission in my app on Android 7.1.1 (Nexus 5X) and Android 4.4.2 (old Samsung 8" tablet), neither of them prompted me that the app required this permission. Both said that the app requested "no special permissions". This only happens if the permission is deemed "normal", in which case it is automatically granted.
Secondly, using this permission, I can only view logs from logcat pertaining to my app, which does not log any personal information. Hence, I don't violate any privacy either. I thought this permission may allow me to see other app's logs, causing privacy issues.
So, if this is the case, then is it deemed safe to use this permission in a production version of the app? It would help me a lot in debugging strange bugs users face if they can send me a logcat by the press of a button.
EDIT: Ok, now I am quite confused. It appears that I don't need to explicitly specify this permission in the manifest either.
Is READ_LOGS a normal or dangerous Android permission?
Neither. As of Android 7.1, it is signature|privileged|development. That basically means that apps signed as part of the firmware build or installed on the privileged partition can hold the permission, but nothing else can.
the Android Documentation website does not specify the protection level of this permission
Correct. READ_LOGS is still in the SDK, for backwards-compatibility reasons, but ordinary apps have not been able to hold it since Android 4.1, which came out five years ago.
This only happens if the permission is deemed "normal", in which case it is automatically granted.
No.
I thought this permission may allow me to see other app's logs, causing privacy issues.
It did, on Android 4.0 and earlier.
then is it deemed safe to use this permission in a production version of the app?
Well, bear in mind that there has never been a documented and supported way for apps to access LogCat contents. Most likely, you're using one of the script-kiddie solutions that have been posted, such as running the logcat command and capturing its output. So, it is entirely possible that there are devices, now or in the future, that will not support your particular approach towards accessing LogCat. So, the permission is not your problem; the lack of a supported API for LogCat access is your problem.
Personally, I'd use a logging library to log the content to both a file and to LogCat, using the file for whatever your app needs it for.
I’ve been building some android apps using the website ibuildapp.com
But the thing is that each app requires so many permissions despite the app does not use these features. My question is, can the app send personal information to their servers?
Are you asking if the app can send information to ibuildapp.com servers, or servers in general?
Apps should request permissions only when they need them to provide major functionality. I don't know anything about ibuildapp.com, but if it's requesting a lot of permissions it goes high on my "suspect" list.
permission.READ_CONTACTS, permission.READ_CALENDAR, permission.READ_PROFILE, among others, are not to be handed out lightly! The full list of permissions is listed at
Android.Manifest.Permission javadoc, along with documentation.
I'm an iBuildApp team developer, so I can answer your question. :)
The only reason why we ask all these permissions in every app is that this is how our service works at the current moment.
It has great number of widgets (i.e. page types / functions), every widget has it's own permissions needed. One of our features is that you can manage your app on the fly (modify content, change pages' types etc.), while in most cases there is no necessity to rebuild native app: all the changes will be visible in already built ones. This means that all the modules are built in inside an app (while, as mentioned before, every widget needs it's own permissions).
So in the main: yes, if an app (I assume not specifically our app, but any app) asks for some permissions then it can potentially use them in "bad" way.
But as for us: no. We're not interested in your personal data. We're only interested in providing an excellent service.
Hi i'm ibuildapp android developer.
You can unzip recieved apk file and edit manifest file. As soon as you've done zip it.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
For understanding how strong data should be secured on an Android device I want to understand which attacks are possible. I started to write down my knowledge and hope that I get corrections, where I'm wrong or where I'm missing something. I first assume that Google don't be evil, so will ignores attacks from google themselves.
Each application is signed and runs under his own user-id, so an app can only reads data which belongs to him, except the app creates a public storage. Furthermore app which are sign with the same key can share data.
If an application want to get special rights like reading or writing to calendar or contacts the user must accept it.
So by default it's a secure design. Unfortunately every system can have security issues, so that the system become corrupted. On Desktop-Systems regular updates are common practice. On the android it depends on the vendor and is except the Nexus mostly bad. So it could be that there are security holes open for a long period.
So how could an android phone be attacked?
Google can delete and install apps silently (Link). If someone hacks this mechanism, an attacker can install arbitrary apps on a device. Unsure if this app has automatically all rights it wants to have. This doesn't happens till now, but it's possible. You can only protect your phone by checking regularly all installed apps and there rights. This mechanism can be misused by a hacker.
Malicious applications can do a lot evil things, but if you don't give every app the rights the apps wanted and think a little bit, you can protect your phone.
Some security holes in the browser or the system allows an app to get root-access. In this case the app can do everything it wanted. I don't know any protection against this. As far as I know android has such security holes, so this is the most dangerous issue.
So in summary the only secure protection of data seems to be encryption. Depending on how secure your data must be with a default key or an individual key (in other words a password).
Some time ago I've found these PDF's, maybe they can help: slides, paper (more than 2 years old).
edit:
a new link for the slides
a new link for the paper
Google can delete and install apps silently. If someone hacks this mechanism, an attacker can install arbitrary apps on a device. Unsure if this app has automatically all rights it wants to have. This doesn't happens till now, but it's possible. You can only protect your phone by checking regularly all installed apps and there rights.
Delete may be silent, but the only push-install mechanism I know about is to use the firmware update mechanism, and that is not silent - the phone reboots twice.
Malicious applications can do a lot evil things, but if you don't give every app the rights the apps wanted and think a little bit, you can protect your phone.
Unfortunately, you cannot decline to grant permissions, you can only decline to install an app that requests more than you want to grant. And some permissions are quite broad, so an app may legitimately need a tiny part of some permission, but get the whole thing.
Some security holes in the browser or the system allows an app to get root-access. In this case the app can do everything it wanted. I don't know any protection against this. As far as I know android has such security holes, so this is the most dangerous issue.
On the other hand, these security holes are unfortunately what the owners of most devices must rely on in if they wish to to be able to install custom firmware, since most consumer phones were not designed to permit this. Knowledge about android security exploits is not much behind that of conventional linux distributions (most of the root exploit are inherited linux kernel exploits, not android exploits, since android has few components with root authority).
What is the recommended way of creating a demo version for an application. Basically, the demo version will be fully functional, but will be limited to running it 25 times. My worry is that if the user uninstalls and reinstalls, the count will be reset.
I thought about writing a data file to the SD Card with the count of executions (hoping that would persist after uninstall), but I do not want to add that permission if I can avoid it.
Any suggestions on how to have some type of demo flag persist after an uninstall?
Even if it's on the SD card, there's no reason the user can't just go and delete your file themselves.
I asked a similar question a few months ago, but that was for a review copy, not a demo version. You could do something similar to what Dave Webb suggested and store each user's device id on a server. It would mean you'd both need the READ_PHONE_STATE and INTERNET permissions enabled and I can understand not wanting to add additional permissions. However, it is the only fool-proof way I can think of to guarantee that an application is only run X number of times, as any change you make to the phone can be reversed.
mbaird pointed out that anyone can install the full version of your app and try it for one day before requesting a refund; with this in mind you might make a crippled demo version that informs the user of this (not-oft-used) Market functionality.