Go Back   Android Forums > Android Discussion > Android Applications
Android Applications All the information you could ever want about Android Applications. Learn about apps and get help with them... all here! New apps can be found and announced in the Applications Announcements forum linked below.

Find everything you need for the Galaxy S5 and discuss it in our S5 forum!
Have you seen that OnePlus One's awesome camera?? The forum is over here!

Like Tree38Likes

test: Reply
 
LinkBack Thread Tools
Old November 13th, 2012, 02:18 PM   #501 (permalink)
Junior Member
 
Join Date: Jul 2010
Posts: 57
 
Device(s):
Carrier: Not Provided

Thanks: 2
Thanked 0 Times in 0 Posts
Default

Can anyone tell me what this new permission does?

Quote:
  • Phone callsread phone state and identity
    Allows the app to access the phone features of the device. An app with this permission can determine the phone number and serial number of this phone, whether a call is active, the number that call is connected to and the like.
Seemingly, it can gather all phone numbers from a call while the app is running/installed? Should this be on any application, especially something as innocuous as the kindle app?

Elwood42 is offline  
Reply With Quote
sponsored links
Old November 13th, 2012, 10:30 PM   #502 (permalink)
New Member
 
Join Date: Nov 2012
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Great post you got here! Concise and very informative. I've learned quite some tips and tricks on how to better protect my Android unit. This should certainly be stickied!
christianrene is offline  
Reply With Quote
Old November 15th, 2012, 10:36 AM   #503 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Oivey! Now I need to start updating for Android 4.2!
Rico ANDROID and D-U-R-X like this.
alostpacket is offline  
Reply With Quote
Old November 23rd, 2012, 04:19 PM   #504 (permalink)
New Member
 
Join Date: Nov 2012
Posts: 9
 
Device(s):
Carrier: Not Provided

Thanks: 6
Thanked 1 Time in 1 Post
Default

Thanks, I am still on a big learning curve and this thread has been very useful!
alostpacket likes this.
maraetai is offline  
Reply With Quote
Old November 30th, 2012, 01:13 PM   #505 (permalink)
AF Contributor
 
Artine's Avatar
 
Join Date: Jul 2012
Location: The Moon
Posts: 1,303
 
Device(s): LG Optimus Elite (Harmonia 2.03, Sleipnir 2.4.0.5), SG Victory 4G LTE (???)
Carrier: Virgin Mobile

Thanks: 551
Thanked 587 Times in 359 Posts
Default

This is a fantastic read, thank you for all of the time and effort put into it! Just one question....

Quote:
Originally Posted by alostpacket
Updating applications is the same as installing them fresh

Each time you update an application on your phone, you should use thesame diligence as if you were installing it for the first time. Rereadthe permissions to see that it is only asking for what it needs and nomore. Reread the comments to see if anything has changed in the opinionsof the users and to see if it still works for your phone. If you seethat an application says Update (manual) next to it, that means thedeveloper has changed the permissions that they are requesting. This isnot necessarily a bad thing -- but it should indicate that you shouldpay a bit closer attention to the permissions and re-evaluate them asneeded.
Is this still the case, since the Play Store's been updated so that only the altered data for an update is downloaded, as opposed to the entire app all over again?
__________________
Sleipnir Developer. Author of the [FAQ-GUIDE] for CWM for the OE, and [GUIDE] to Removing Stock Apps for the OE, threads.
Artine is offline  
Reply With Quote
The Following User Says Thank You to Artine For This Useful Post:
alostpacket (November 30th, 2012)
Old November 30th, 2012, 01:17 PM   #506 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by Artine View Post
This is a fantastic read, thank you for all of the time and effort put into it! Just one question....



Is this still the case, since the Play Store's been updated so that only the altered data for an update is downloaded, as opposed to the entire app all over again?
Yes, this is still true -- the partial download thing is more about saving bandwidth than anything. Permission changes do still require a manual update though.

Good question though
Artine likes this.
alostpacket is offline  
Reply With Quote
The Following 2 Users Say Thank You to alostpacket For This Useful Post:
Artine (November 30th, 2012), EarlyMon (December 1st, 2012)
Old January 4th, 2013, 12:27 PM   #507 (permalink)
Junior Member
 
Ted Roo's Avatar
 
Join Date: Dec 2012
Location: Cobblers Knob, IN
Gender: Male
Posts: 42
 
Device(s): 2 x EVO V 4G
Carrier: Virgin

Thanks: 18
Thanked 9 Times in 9 Posts
Surprised

I was going to install OS Monitor, but I chickened out when I saw the permissions:

Quote:
  • Network communicationfull network access
    Allows the app to create network sockets and use custom network protocols. The browser and other applications provide means to send data to the internet, so this permission is not required to send data to the internet.
  • Your personal informationread sensitive log data
    Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the tablet, potentially including personal or private information. Allows the app to read from the system's various log files. This allows it to discover general information about what you are doing with the phone, potentially including personal or private information.
I'm interested in monitoring CPU mostly, and mostly out of curiosity.

Is there a way to block the internet access for one app?

I'm not saying the program is malware, but those permissions to my understanding would certainly allow it to be malware.

Android n00b and not used a firewall on a phone yet. Would that be a viable solution to my fear of this app and others, by not allowing network access for this app?

TIA!

https://play.google.com/store/apps/details?id=com.eolwral.osmonitor&feature=related_a pps#?t=W251bGwsMSwxLDEwOSwiY29tLmVvbHdyYWwub3Ntb25 pdG9yIl0.

I just read droidwall can block by program, so I'm going to try that.
alostpacket likes this.
Ted Roo is offline  
Last edited by Ted Roo; January 4th, 2013 at 01:06 PM. Reason: droidwall
Reply With Quote
Old January 4th, 2013, 02:59 PM   #508 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

I was just going to suggest DroidWall -- it does require root though.
Ted Roo likes this.
alostpacket is offline  
Reply With Quote
Old January 4th, 2013, 03:33 PM   #509 (permalink)
Junior Member
 
Ted Roo's Avatar
 
Join Date: Dec 2012
Location: Cobblers Knob, IN
Gender: Male
Posts: 42
 
Device(s): 2 x EVO V 4G
Carrier: Virgin

Thanks: 18
Thanked 9 Times in 9 Posts
Laugh

If I don't end up working, I'll hopefully get it rooted this weekend
alostpacket likes this.
Ted Roo is offline  
Reply With Quote
Old January 31st, 2013, 06:58 AM   #510 (permalink)
New Member
 
Join Date: Jul 2012
Posts: 8
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 2 Times in 1 Post
Default

Hi everyone, like the guide. A quick question i was wondering about, if an app is NOT running but is installed can it still use the permissions?

Example, if you have an app which needs camera permissions like a barcode scanner could it still access the camera even though its not running.
alostpacket likes this.
PodgePapin is offline  
Reply With Quote
sponsored links
Old January 31st, 2013, 07:16 AM   #511 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,070
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,718
Thanked 54,861 Times in 21,882 Posts
Default Re: Android permissions explained, security tips, and avoiding malware

Quote:
Originally Posted by PodgePapin View Post
Hi everyone, like the guide. A quick question i was wondering about, if an app is NOT running but is installed can it still use the permissions?

Example, if you have an app which needs camera permissions like a barcode scanner could it still access the camera even though its not running.
Nope.
__________________
|

Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.

Links: Site Rules / Guidelines -and- Zero Tolerance Policy (All Members Read)


For right-on help, the Thanks button is on the right of the post.
For anything out in left field, the /!\ report button is to the left.

Remember, it's our forums and we're all in this together - so let's keep it cool!

Shoot the breeze at the best new gun forum!
EarlyMon is offline  
Reply With Quote
Old January 31st, 2013, 07:20 AM   #512 (permalink)
New Member
 
Join Date: Jul 2012
Posts: 8
 
Device(s):
Carrier: Not Provided

Thanks: 1
Thanked 2 Times in 1 Post
Default

Cheers EarlyMon, thats what i expected but wanted to check.
PodgePapin is offline  
Reply With Quote
The Following 2 Users Say Thank You to PodgePapin For This Useful Post:
alostpacket (January 31st, 2013), EarlyMon (January 31st, 2013)
Old January 31st, 2013, 10:07 AM   #513 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Not to upstage the illustrious Early the Pearly, who is correct, I would say the more nuanced answer is that yes, apps *kinda* do have permissions when not in use.

I say this because apps can be "woken up" at almost any time and the user does not necessarily know when an app is running or not. Oftentimes also, apps will appear to be running when they are not, and the OS doesn't really show this too well to the user.

So while it's true that apps dont really have permissions while not running, they have a dozen or more ways to be "woken up" and be running silently in the background. Also, it's important to note that a lot of apps are held in a sort of "stand-by" mode where they aren't really using memory or CPU, but they are listening for events or have "background-timers" running.

One good thing though: when you install an app it cannot wake itself up and has no permissions until it is run for the first time.
EarlyMon likes this.
alostpacket is offline  
Reply With Quote
The Following 3 Users Say Thank You to alostpacket For This Useful Post:
androidnewbie5 (January 31st, 2013), EarlyMon (January 31st, 2013), Hadron (January 31st, 2013)
Old January 31st, 2013, 05:04 PM   #514 (permalink)
Junior Member
 
Join Date: Jan 2012
Posts: 43
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 2 Times in 2 Posts
Default

I have a related question. I'm using a rooted phone (with a custom arq51 rom). Concerned about spying malware I have the "Avast Mobile Security" app installed, less for its virus protection than for the granular firewall that it has. With this firewall I block internet or outside data access to all programs I do not think need to have it to work (games and the like). For similar privacy reasons I do not sync any app with the cloud.

My questions, because I am not knowledgeable in Linux or Android, are:

1. Even though the firewall blocks access to the internet or the phone network, can apps still send out data through some other hidden mechanism in Android?

2. Of course I cannot use that type of firewall for apps like browsers, email, text, etc. How does one prevent these apps from sending out data to somewhere I did not authorize?

I do not get ads in my notification bar but anyway ran Ad detector and its scan found nothing bad. But, another similar app found several of my phone apps apparently use admob (which I have turned off in the Google Play options). Is there a simple way to block admob access (and similar spy networks) to apps other than Google Play without running still another blocking app?

I am currently not getting ads, but am concerned about data going out without my knowing it because I know of no way to tell what is going out in android.

Thanks.
androidnewbie5 is offline  
Reply With Quote
Old January 31st, 2013, 05:26 PM   #515 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Will try and answer as best I can:

1) I don't know the abilities of your firewall, however, most apps can POST data to the web without the INTERNET permission. It would do this using something called an Intent. But this would cause the browser to pop open. It would be pretty obvious if an app was doing this.

An easy way to be extra (extremely?) careful would be to install more than one browser and every call would ask you which browser to use (for all browser web requests, even legit ones).

But this is pretty unlikely to be a problem. However, having the popup about which browser to use will give you fine grained control (if that is what you seek).



2) Admob is not a spy network, it's Google's mobile advertising division. What you turned off is the tracking and targeting that Admob uses to customize ads to you. However, you will still get ads (unless blocked by your firewall). Google allows you to opt-out of tracking, not advertising.

hope that helps
alostpacket is offline  
Last edited by alostpacket; January 31st, 2013 at 05:29 PM.
Reply With Quote
The Following User Says Thank You to alostpacket For This Useful Post:
androidnewbie5 (January 31st, 2013)
Old January 31st, 2013, 05:41 PM   #516 (permalink)
Junior Member
 
Join Date: Jan 2012
Posts: 43
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 2 Times in 2 Posts
Default

Thank you very much for the quick and excellent reply. This thread (and you) are just great.

I do have 2 browsers installed in addition to the standard one and have not had unexpected popups. I am probably too careful about privacy but not familiar with android I hate not knowing what is perhaps happening without my having any clue.

About the browsers, I've read that they do "call home". Boat browser is said to send data to 友盟-专业的移动开发者服务平台 | 移动应用统计 | Android统计 | iPhone统计 | WindowsPhone统计. Dolphin records everything and sends it out, etc. Not that I am doing anything secret but that kind of stuff should not be allowed without explicit permission.

I hear your advice about reading the permissions every time one updates an app, but apps are now updated so often that it takes a better man than me to really do that every time.......!

Thanks for this thread.
alostpacket likes this.
androidnewbie5 is offline  
Reply With Quote
Old January 31st, 2013, 06:07 PM   #517 (permalink)
Oil Can!!! Oil Can!!!
 
Metroid Prime's Avatar
 
Join Date: Feb 2012
Location: Land Of Metal
Gender: Male
Posts: 9,101
 
Device(s): Samsung Galaxy SIII
Carrier: AT&T

Thanks: 2,079
Thanked 2,911 Times in 1,877 Posts
Default

If I recall there's a feature you can disable in Dolphin so it doesn't send out anonymous data. I believe in Settings or Privacy.
alostpacket likes this.
__________________
Android Forums is more than just a forum, it's a community.
Thank helpful posts. Report abusive/spam posts.
Come hang out with us!
The Lounge| Forum Games
Need help? Questions? Ask a Staff Member!
Site Rules/Guidelines|Android Forums FAQ
Metroid Prime is offline  
Reply With Quote
Old January 31st, 2013, 07:39 PM   #518 (permalink)
The PearlyMon
 
EarlyMon's Avatar
 
Join Date: Jun 2010
Location: New Mexico, USA
Posts: 44,070
 
Device(s): LTEvo, 3vo, and Shift
Carrier: Sprint

Thanks: 41,718
Thanked 54,861 Times in 21,882 Posts
Default Re: Android permissions explained, security tips, and avoiding malware

Quote:
Originally Posted by androidnewbie5 View Post

About the browsers, I've read that they do "call home". Boat browser is said to send data to http://www.umeng.com.
May I ask where you heard that?
EarlyMon is offline  
Reply With Quote
Old February 1st, 2013, 12:04 AM   #519 (permalink)
Junior Member
 
Join Date: Jan 2012
Posts: 43
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 2 Times in 2 Posts
Default

A couple of months ago on several security threads similar to this one. Unfortunately I did not keep the urls. I expect a Google search would probably find several references.
androidnewbie5 is offline  
Reply With Quote
Old February 2nd, 2013, 12:23 PM   #520 (permalink)
Junior Member
 
Join Date: Jan 2012
Posts: 43
 
Device(s):
Carrier: Not Provided

Thanks: 5
Thanked 2 Times in 2 Posts
Default

Here are some:
Security Flaw Found in Dolphin Browser for Android - eSecurity Planet

Dolphin HD browser snared in security breach | Privacy Inc. - CNET News

etc.

presumably fixed in later version, but perhaps unfixed later or sent to somewhere other than en.mywebzines.com.

Quote:
Another privacy implication is that MoboTap was also notified which files you're using Dolphin HD to browse even on your computer. A post on AndroidPolice.com suggested one way to fix the problem would be to block connections to the MoboTap-operated Web site, en.mywebzines.com.
I'm no security expert and I am sure Dolphin is not the only browser or app that mines data. So this is only worth what it is worth. Your mileage may vary.

Metroid prime wrote:
Quote:
If I recall there's a feature you can disable in Dolphin so it doesn't send out anonymous data. I believe in Settings or Privacy.
Could not find that option.

Installed dolphin to check and in its help/privacy is a long text few would read which in summary says if you don't agree with our policy please don't download it. So I un installed it.
androidnewbie5 is offline  
Last edited by androidnewbie5; February 2nd, 2013 at 04:04 PM.
Reply With Quote
sponsored links
Old March 19th, 2013, 07:59 PM   #521 (permalink)
New Member
 
Join Date: Mar 2013
Posts: 2
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, great info!
JavDev Games is offline  
Reply With Quote
Old April 4th, 2013, 01:12 PM   #522 (permalink)
Junior Member
 
Join Date: Mar 2013
Location: Europe
Posts: 16
 
Device(s): Samsung Galaxy Note II
Carrier: Not Provided

Thanks: 2
Thanked 3 Times in 3 Posts
Default

Great guide. I have some questions about three (sets of) permissions:
- the ones that deal with "take photos" activities: Does such app get permissions to use both back (main) and front camera (thus potential malware could spy on you via front cam as well)?
- permissions pertaining to accessing bookmarks & history: Do they relate to the "default"/"stock" browser only, or to any and all browsers installed on the system?
- permissions pertaining to accessing SD card / external storage: On my Note II, the internal partition for user files is also called "SDcard". So, do these permissions mean both actual "physically external" SD storage as well as internal partition that is "nicknamed" SD card?
alostpacket likes this.
orion88 is offline  
Reply With Quote
The Following User Says Thank You to orion88 For This Useful Post:
alostpacket (April 4th, 2013)
Old April 4th, 2013, 01:43 PM   #523 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by orion88 View Post
..."take photos" activities: Does such app get permissions to use both back (main) and front camera
Yes.

Quote:
- permissions pertaining to accessing bookmarks & history: Do they relate to the "default"/"stock" browser only, or to any and all browsers installed on the system?
I think generally this is correct, stock browser only.

However it depends on how the browser is coded. It is possible a browser could re-use this permission or use a custom permission like:

Code:
org.mozilla.firefox.ACCESS_BOOKMARKS
Chrome: Not possible for a third party app to get bookmarks/etc. (w/o root) (source)

Firefox: I don't *think* third party apps have access to bookmarks, but I'm not 100% sure.

Other browsers: You would have to look at the application's manifest file and see what permissions it exports. I think there is an app called "manifest explorer" out there. (You also, I think, can see this info in PocketPermissions, my app. It should list all permissions, even the ones it does not recognize)

Quote:
- permissions pertaining to accessing SD card / external storage: On my Note II, the internal partition for user files is also called "SDcard". So, do these permissions mean both actual "physically external" SD storage as well as internal partition that is "nicknamed" SD card?
Correct, the permission allows access to both actual SDcard storage, and internal USER storage, just not protected (SYSTEM) storage.

They are considered the same from a privacy/security standpoint.
alostpacket is offline  
Reply With Quote
The Following User Says Thank You to alostpacket For This Useful Post:
orion88 (April 5th, 2013)
Old April 5th, 2013, 05:18 AM   #524 (permalink)
Junior Member
 
Join Date: Mar 2013
Location: Europe
Posts: 16
 
Device(s): Samsung Galaxy Note II
Carrier: Not Provided

Thanks: 2
Thanked 3 Times in 3 Posts
Default

Regarding the storage access: By protected/"system" storage do you mean just what's mounted under /system, or any other non-user storage (i.e. everything but the "SD cards")?
Suppose I save some sensitive "Office" document on a non-user partition -- no app without root access will be able to read it? I presume this also means I wouldn't be able to browse+open it directly from there via a corresponding "Office" app? (I guess this is something I have to try; because with ES File Explorer I can browse into such folder (I have root), but I think ES can also "send" the file to any app that handles the file-type if I want to.)

Also, I've noticed that some security tools/apps display whatever permissions apps "want to have" (read from manifest or something?), whereas others display what's in fact enabled (I was able to see the difference because of disabling certain permissions with Permissions Denied app)...
orion88 is offline  
Reply With Quote
Old April 5th, 2013, 10:28 AM   #525 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

I think the folders are /system and /data but I am not 100% sure.

The important thing to remember is that folder names are different from device to device. But all devices guarantee that apps have access to private storage for only that app, and there is, of course, protected system storage.

Without getting to into detail, each app runs in it its own user process. So the apps each have a folder that is private to them not visible to the user, and not visible to the other apps. (This is /data/data i think). You will sometimes see these folders with adb or a file explorer, and if you have root, a root user can access any app folder.

The rest, and in general, the storage is 'user' or 'unprotected'. This may change in the future. But, by default all apps can read most storage, with the exceptions noted above. The reason your internal storage was named "sdcard" was for backwards compatibility, as some old apps hard-coded the path to files.

Regarding permissions:

There are several ways of describing a permission so maybe it is helpful to put them here.

Android permissions
These are permissions the system uses to grant access to resources and functionality. They are what usually comes to mind when someone thinks 'permissions'. Apps request these in their manifest file. This is read by the Google Play market and show to the user at install time.

Custom permissions
Permissions defined by an app. These are permissions an app uses to protect its own resources from other apps, and to grant limited functionality or resources based on the permissions. For example: I may write an app that helps users download RSS feeds. And I want my app to work with other apps and notification widgets. I could provided a way that other apps request a permission from my app to get the number of new RSS stories in my app's feed, but not all the RSS.

Code:
com.example.GET_UNREAD_RSS_COUNT
When an app is installed, the system takes note of what was requested (and thus agreed to by the user). When the permission is used, (say an app tries to connect to the internet), the system will either grant access, or throw a security exception This can crash an app unless the developer planned to be denied.

(To be continued: I need to get back to coding but will write more if I can later today )
alostpacket is offline  
Reply With Quote
The Following 2 Users Say Thank You to alostpacket For This Useful Post:
momist (April 5th, 2013), orion88 (May 13th, 2013)
Old May 11th, 2013, 03:10 PM   #526 (permalink)
Junior Member
 
Join Date: Sep 2011
Location: England
Gender: Male
Posts: 32
 
Device(s): Phone: Galaxy Nexus Tablet: Nexus 10
Carrier: Not Provided

Thanks: 4
Thanked 9 Times in 5 Posts
Default

Very extensive write up, thanks!
El Barto is offline  
Reply With Quote
Old June 3rd, 2013, 06:15 AM   #527 (permalink)
Member
 
Join Date: Mar 2011
Location: Glos.
Posts: 263
 
Device(s): Samsung Galaxy Note 2
Carrier: Not Provided

Thanks: 39
Thanked 31 Times in 30 Posts
Default

I've noticed this permission pop up a lot recently. I don't know if it's new or if I just never noticed it before.

Quote:
  • System toolstest access to protected storage
    Allows the app to test a permission for USB storage that will be available on future devices.


Is it legit?
womb raider is offline  
Reply With Quote
Old June 10th, 2013, 09:10 PM   #528 (permalink)
Member
 
Join Date: Dec 2010
Gender: Male
Posts: 226
 
Device(s): Samsung Galaxy S3
Carrier: Verizon

Thanks: 6
Thanked 33 Times in 27 Posts
Default

Quote:
Originally Posted by womb raider View Post
I've noticed this permission pop up a lot recently. I don't know if it's new or if I just never noticed it before.

[/LIST]

Is it legit?
It's a scary way of saying the app can use any external storage on your device.
TadeoNYC is offline  
Reply With Quote
The Following User Says Thank You to TadeoNYC For This Useful Post:
womb raider (June 11th, 2013)
Old September 8th, 2013, 09:43 PM   #529 (permalink)
New Member
 
Join Date: Sep 2013
Posts: 1
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default List of Android Permissions

I am not sure if this is the right forum but I will put my question here. I am looking for a list of all the Android permissions for each of the four protection levels. I would appreciate it if somone could point me to the right resource.

Regards
winstonfitch is offline  
Reply With Quote
Old September 8th, 2013, 09:49 PM   #530 (permalink)
Resident Air Bender
 
DragonSlayer95's Avatar
 
Join Date: Mar 2012
Location: Louisiana
Gender: Male
Posts: 7,397
 
Device(s): Moto G, LG G2, Samsung Galaxy S3, Samsung Galaxy S2, HTC Evo 3D
Carrier: Verizon

Thanks: 1,948
Thanked 2,750 Times in 1,803 Posts
DragonSlayer8724
Default

Hiya and welcome to android forums!

I couldn't find a thread here, but I did find an article explaining all of the permissions, it's in the hide/show tag since it's fairly long






Hope this answers your question and helps you out
__________________
Has someone helped you? Dont forget to hit the "thanks" button!
Seen an offense or bad post? Hit the /!\ button!
DragonSlayer95 is online now  
Reply With Quote
sponsored links
Old September 8th, 2013, 09:55 PM   #531 (permalink)
Member
 
artaxerxes's Avatar
 
Join Date: Sep 2011
Posts: 151
 
Device(s): Droid Razr M
Carrier: Not Provided

Thanks: 7
Thanked 41 Times in 32 Posts
Default

There is a sticky that might be useful.
Android permissions explained, security tips, and avoiding malware
artaxerxes is offline  
Reply With Quote
The Following 4 Users Say Thank You to artaxerxes For This Useful Post:
alostpacket (September 9th, 2013), DragonSlayer95 (September 8th, 2013), El Presidente (September 9th, 2013), Rxpert83 (September 8th, 2013)
Old September 8th, 2013, 09:58 PM   #532 (permalink)
Resident Air Bender
 
DragonSlayer95's Avatar
 
Join Date: Mar 2012
Location: Louisiana
Gender: Male
Posts: 7,397
 
Device(s): Moto G, LG G2, Samsung Galaxy S3, Samsung Galaxy S2, HTC Evo 3D
Carrier: Verizon

Thanks: 1,948
Thanked 2,750 Times in 1,803 Posts
DragonSlayer8724
Default

Quote:
Originally Posted by artaxerxes View Post
Oops missed that one, thanks
DragonSlayer95 is online now  
Reply With Quote
The Following 2 Users Say Thank You to DragonSlayer95 For This Useful Post:
alostpacket (September 9th, 2013), Rxpert83 (September 8th, 2013)
Old September 8th, 2013, 11:49 PM   #533 (permalink)
Senior Member
 
out of ideas's Avatar
 
Join Date: May 2012
Posts: 610
 
Device(s): ZTE Merit. ICScamwich OC. Galaxy Prevail CTMod 3.68
Carrier: Pigeons

Thanks: 58
Thanked 138 Times in 108 Posts
Default

What is the four protection levels you are talking about? i havent noticed those before.


on a side note, android has typically had a bad condition of lumping permissions together, which can hurt honest developers. fortunately, they have been doing a better job being more exact about what the application is asking to do lately.
__________________
Stuff of mine:
Ice Cream Scamwich (ZTE 990s)

Deodexed Stock ZTE Merit
out of ideas is offline  
Reply With Quote
Old September 9th, 2013, 05:23 AM   #534 (permalink)
Beware The Milky Pirate!
 
El Presidente's Avatar
 
Join Date: Jan 2011
Location: Scotland
Posts: 26,659
 
Device(s): Xperia Z1, Nexus 7 3G, HTC One X, SGS3 Mini
Carrier: EE

Thanks: 14,054
Thanked 15,867 Times in 8,522 Posts
Default

Quote:
Originally Posted by winstonfitch View Post
I am not sure if this is the right forum but I will put my question here. I am looking for a list of all the Android permissions for each of the four protection levels. I would appreciate it if somone could point me to the right resource.

Regards
Hi winston, I've merged your thread in to the massive thread artaxerxes mentions. If you check the OP, you should find all the info you need.

If you're stuck with anything though, please ask!
__________________
Site Rules & Guidelines / Staff List / Ask the Staff
Want to bring naughty posts to our attention? Use:
Be respectful to each other - That's what we're all about.
El Presidente is online now  
Last edited by El Presidente; September 9th, 2013 at 03:39 PM.
Reply With Quote
The Following 3 Users Say Thank You to El Presidente For This Useful Post:
alostpacket (September 9th, 2013), artaxerxes (September 9th, 2013), EarlyMon (September 9th, 2013)
Old September 9th, 2013, 11:56 PM   #535 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by out of ideas View Post
What is the four protection levels you are talking about? i havent noticed those before.


on a side note, android has typically had a bad condition of lumping permissions together, which can hurt honest developers. fortunately, they have been doing a better job being more exact about what the application is asking to do lately.

Protection levels denote what is required for an app to obtain a permission.

There are basically 3 levels, the first two being very similar.

Signature
- Only apps signed with the same key as the ROM will be granted these. For a regular app to get this it needs to be signed by the same key the ROM developer used to sign the ROM.

System
- Only System apps will be granted these, for an app to get this it would need root.

Dangerous
- All apps can request this. A user grants this kind of permission when installing. These are the kinds of permissions most commonly known to users and what most people are familiar with (e.g. FULL_INTERNET_ACCESS or READ_PHONE_STATE)


(The 4th type is just called signature_or_system and an app can be either one to request the permission)


Note this is off the top of my head and I haven't looked into permissions in awhile but hope to refresh some of this info soon


Almost all apps that come from Google Play will only be requesting permissions with the protection level of dangerous. Exceptions include root-requiring tools, Google apps, etc.

However, many regular apps may protect their OWN permission by using the system (or signature) protection level.

Say for instance I have an app that downloads RSS feeds. Well maybe I want them to be searchable by the system app Google Search.

What I do is write a custom permission and set the protection level to system. Then I can control which apps have access to my ContentProvider (content providers are ways of sharing info between apps).

Thus the RSS my app downloads is searchable by Google Search (because it is a system app) but not any normal, non-system apps.
El Presidente likes this.
alostpacket is offline  
Last edited by alostpacket; September 9th, 2013 at 11:59 PM.
Reply With Quote
The Following User Says Thank You to alostpacket For This Useful Post:
El Presidente (September 10th, 2013)
Old September 13th, 2013, 05:46 AM   #536 (permalink)
New Member
 
Join Date: Sep 2013
Posts: 1
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 0 Times in 0 Posts
Default

I've checked my app permission, and almost all of it have medium till high dangerous level, even this android forum app. Is there anything else we can do to avoid this phissing? You know it's non sense if we uninstall every app that we need but do such a thing.

Regard
HMP
asarnama is online now  
Last edited by asarnama; September 13th, 2013 at 05:48 AM.
Reply With Quote
Old September 13th, 2013, 08:14 PM   #537 (permalink)
Member
 
artaxerxes's Avatar
 
Join Date: Sep 2011
Posts: 151
 
Device(s): Droid Razr M
Carrier: Not Provided

Thanks: 7
Thanked 41 Times in 32 Posts
Default

So I've found a permission from the new update of the Maps app. It's called "Activity Recognition". Is this permission new? What does it entail?
artaxerxes is offline  
Reply With Quote
The Following User Says Thank You to artaxerxes For This Useful Post:
alostpacket (September 14th, 2013)
Old September 14th, 2013, 03:36 AM   #538 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by artaxerxes View Post
So I've found a permission from the new update of the Maps app. It's called "Activity Recognition". Is this permission new? What does it entail?
Sounds a bit like an unfortunately named custom permission for Maps.

i.e. Maps grants that permissions to other apps so they can request map data.

just a guess though, haven't looked at it yet.
alostpacket is offline  
Reply With Quote
Old September 18th, 2013, 11:21 AM   #539 (permalink)
New Member
 
Join Date: Sep 2013
Posts: 2
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 2 Times in 2 Posts
Default how can I protect from hardware control and other unwanted permissions

Thanks for a great explaination.

I do not allow hardware controls that say "you give us permission to use the camera and/or audio, at any time, without your confirmation". To date I have found several of these.

I don't even allow the CHASE bank app because it wants to review my contacts.

Can you offer any suggestions on how not to allow or how to protect and still use these apps?

Even google play update asks for this permission.
I won't update google play!!

Thanks,
BNRusso

I have more time than money..........I hope!!
alostpacket likes this.
bnrusso is offline  
Reply With Quote
The Following User Says Thank You to bnrusso For This Useful Post:
alostpacket (September 19th, 2013)
Old September 18th, 2013, 09:00 PM   #540 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by bnrusso View Post
Thanks for a great explaination.

I do not allow hardware controls that say "you give us permission to use the camera and/or audio, at any time, without your confirmation". To date I have found several of these.

I don't even allow the CHASE bank app because it wants to review my contacts.

Can you offer any suggestions on how not to allow or how to protect and still use these apps?

Even google play update asks for this permission.
I won't update google play!!

Thanks,
BNRusso

I have more time than money..........I hope!!
I wouldn't worry about Google Play, but I never trusted Chase even before smartphones :P

Google Play is pretty essential to update for the usability of your phone. Many apps make use of "Google Play Services" (my new, yet to be released app included)

Anyways, for more fine-grained permission control you will probably need to root. You might look into CyanogenMod as a ROM, or just check out Permission Denied (or similar apps) in the Play store.
alostpacket is offline  
Reply With Quote
The Following User Says Thank You to alostpacket For This Useful Post:
El Presidente (September 19th, 2013)
sponsored links
Old September 18th, 2013, 11:51 PM   #541 (permalink)
New Member
 
Join Date: Sep 2013
Posts: 2
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by alostpacket View Post
I wouldn't worry about Google Play, but I never trusted Chase even before smartphones :P

Google Play is pretty essential to update for the usability of your phone. Many apps make use of "Google Play Services" (my new, yet to be released app included)

Anyways, for more fine-grained permission control you will probably need to root. You might look into CyanogenMod as a ROM, or just check out Permission Denied (or similar apps) in the Play store.
My phone seeme to be working fine without the google play services update.
Please explain a bit more.
How is someone looking at my contacts CHASE, anywhere near as malicious as allowing google play service update or flashlight app to use my camera at anytime without my permission.
I don't understand. What am I missing?
Thanks again,
bnrusso is offline  
Reply With Quote
The Following User Says Thank You to bnrusso For This Useful Post:
alostpacket (September 19th, 2013)
Old September 19th, 2013, 01:09 AM   #542 (permalink)
Aprs moi, le dluge
 
Lordvincent 90's Avatar
 
Join Date: Oct 2011
Location: grand rapids,mi
Gender: Male
Posts: 4,428
 
Device(s): Galaxy Prevail, Galaxy Prevail II, Kyocera Hydro, Nexus 7 (Grouper), Galaxy rush, Htc One SV
Carrier: of the deadly t-virus

Thanks: 1,447
Thanked 2,190 Times in 1,531 Posts
Default

Quote:
Originally Posted by bnrusso View Post
flashlight app to use my camera at anytime without my permission.
I don't understand. What am I missing?
Thanks again,
The reason a flashlight app would need to access your camera is because the flash function is part of your camera app. (And to use that led as a flashlight the app needs to access the camera's functions...)
__________________
(ノಠ益ಠ)ノ彡┻━┻
Lordvincent 90 is online now  
Last edited by Lordvincent 90; September 19th, 2013 at 01:23 AM.
Reply With Quote
The Following 2 Users Say Thank You to Lordvincent 90 For This Useful Post:
alostpacket (September 19th, 2013), El Presidente (September 19th, 2013)
Old September 19th, 2013, 08:52 AM   #543 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by bnrusso View Post
My phone seeme to be working fine without the google play services update.
Please explain a bit more.
How is someone looking at my contacts CHASE, anywhere near as malicious as allowing google play service update or flashlight app to use my camera at anytime without my permission.
I don't understand. What am I missing?
Thanks again,

Indeed it's all about context. As Lordvincent 90 said, A camera app would need to turn on your LED light without turning on the camera, so that permission makes sense in the context of how that app should function.

However a Chase app has no legitimate reason (that I can think of) to know your contacts other than to spy* or advertise to you.

* (By spy I mean collect data for a credit rating or something similar)


Google Play (and Google Play Services) have legitimate need for your contacts for 2 reasons that I can think of:

1) I believe you can gift your contacts an app, book, or song, etc.

2) Google Play services probably helps all of Google's apps manage syncing your contacts. Gmail does this already, so it just a way for Google Voice, Google+, Google Maps, and others to handle integration with that.

I'm sure they collect some data regarding your contacts but I don't think it is very much. I think the primary goal here is to enable features across all of Google services.

I do encourage people to read Google's Privacy Policy when they get the chance though. It's good to know, and it isn't as scary as some people think.

Ultimately though, you need to decide what level of privacy works for you. If you find most Google apps work without updating the Play store or Google Play services, and that is what you want, then that is perfectly OK.

Hope that helps



alostpacket is offline  
Reply With Quote
Old September 19th, 2013, 09:03 AM   #544 (permalink)
Senior Member
 
Join Date: Mar 2011
Posts: 879
 
Device(s): Galaxy Nexus (Verizon), Nexus 7
Carrier: Not Provided

Thanks: 149
Thanked 234 Times in 174 Posts
Default

Quote:
Originally Posted by alostpacket View Post
Indeed it's all about context. As [COLOR=SeaGreen]Lordvincent 90 [COLOR=Black]said, A camera app would need to turn on your LED light without turning on the camera, so that permission makes sense in the context of how that app should function.

However a Chase app has no legitimate reason (that I can think of) to know your contacts other than to spy* or advertise to you.
I don't know the Chase app specifically (do they just do credit cards, or are they a bank, too?). If Chase is a bank, sometimes you can use the camera to scan in and deposit a check.
alostpacket likes this.
aysiu is offline  
Reply With Quote
The Following User Says Thank You to aysiu For This Useful Post:
alostpacket (September 19th, 2013)
Old September 19th, 2013, 09:30 AM   #545 (permalink)
Over Macho Grande?
Thread Author (OP)
 
alostpacket's Avatar
 
Join Date: Nov 2009
Location: NY
Posts: 7,873
 
Device(s): GlassXE, MotoX, N5, N4, N7'12, GNex, N1, SGT10.1, Revue, Xoom, Eris, OG Droid
Carrier: TMO

Thanks: 4,582
Thanked 3,563 Times in 1,522 Posts
Default

Quote:
Originally Posted by aysiu View Post
I don't know the Chase app specifically (do they just do credit cards, or are they a bank, too?). If Chase is a bank, sometimes you can use the camera to scan in and deposit a check.

Indeed you are correct, my bank app does this too. And it is an excellent feature. And the reason it need to capture without notice is that it uses a detection system to "see" the check.

But I think bnrusso was referring to Chase requesting contacts.
alostpacket is offline  
Reply With Quote
Reply
Tags
anti-virus, antivirus, applications, apps, best practices, guide, malware, market, permissions, protection level, safety, security, spam, virus


Go Back   Android Forums > Android Discussion > Android Applications
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


LinkBacks (?)
LinkBack to this Thread: http://androidforums.com/android-applications/36936-android-permissions-explained-security-tips-avoiding-malware.html
Posted By For Type Date
[HOW TO] FAQ on viruses, malware & browser security - Page 2 This thread Refback April 25th, 2012 08:55 AM
newest submissions : Android This thread Refback December 31st, 2011 04:22 AM
Was interested in knowing why an app might need access to who I call, stumbled upon this. Very informative. This thread Refback December 31st, 2011 03:58 AM
Android This thread Refback December 31st, 2011 01:11 AM


All times are GMT -5. The time now is 02:48 AM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.