Go Back   Android Forums > Android Discussion > Android Applications
Android Applications All the information you could ever want about Android Applications. Learn about apps and get help with them... all here! New apps can be found and announced in the Applications Announcements forum linked below.

test: Reply
 
LinkBack Thread Tools
Old April 7th, 2010, 10:35 AM   #1 (permalink)
New Member
Thread Author (OP)
 
Join Date: Mar 2010
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 7 Times in 1 Post
Default apps suddenly have Storage and Phone Call permissions without asking

I've noticed a troubling issue with app permissions. It seems that after installing, some apps that didn't ask for these two permissions:

Storage: modify/delete SD card contents
Phone calls: read phone state and identity

... will magically acquire them after install! These apps do NOT ask for these permissions during install, nor do their Market pages disclose that they need them. After looking through MANY logcat messages during an install, I found this:

04-07 03:23:08.973,I,PackageParser,1016,com.some.app.nam e.here: compat added android.permission.WRITE_EXTERNAL_STORAGE android.permission.READ_PHONE_STATE

Digging around, I found this online:

Android permissions: Phone Calls: read phone state and identity - Stack Overflow

It seems that an app that is compatible with systems earlier than 1.6
will automatically be assigned those two permissions. If a developer
is willing to make their app compatible only with 1.6+ systems, they
can change their app's manifest:

<uses-sdk android:minSdkVersion="4" android:targetSdkVersion="4" />

... and when users on 1.6+ devices install the app, those two extra permissions won't show up.

I bet a lot of app developers don't know this, and therefore their apps will seems to acquire those two permissions magically. Users will install those apps, see the two extra permissions when they inspect the app security setting and be very puzzled.

They'll probably think the app is malware and uninstall it.

I've contacted some app developer about this issue, so that they can (hopefully) fix their app so it doesn't look like malware.

Unfortunately, until all legit apps are fixed, it'll be hard to distinguish amongst apps that have those permissions, which app actually needs those permissions, which apps need fixing, and which apps are malware.

Tom

Advertisements
tomlouie is offline  
Reply With Quote
The Following 7 Users Say Thank You to tomlouie For This Useful Post:
Carbon (July 23rd, 2010), jwmacdon1231 (April 7th, 2010), pharscape (March 10th, 2011), phbair (December 23rd, 2011), powell (May 5th, 2010), SpaceDementia (March 10th, 2011), TheSpork (January 8th, 2012)
sponsored links
Old April 7th, 2010, 11:44 AM   #2 (permalink)
Senior Member
 
jwmacdon1231's Avatar
 
Join Date: Nov 2009
Location: Houston, TX
Posts: 1,143
 
Device(s): HTC One S (rooted of course)
Carrier: Not Provided

Thanks: 34
Thanked 121 Times in 114 Posts
myandroid713
Default

Thanks for the tip.
__________________
Don't forget to hit the "Thanks" button when someone helps you!!!


Follow me on Twitter
jwmacdon1231 is offline  
Reply With Quote
Old April 8th, 2010, 07:41 AM   #3 (permalink)
New Member
Thread Author (OP)
 
Join Date: Mar 2010
Posts: 4
 
Device(s):
Carrier: Not Provided

Thanks: 0
Thanked 7 Times in 1 Post
Default

This could also be related to this issue too:

Issue 4101 - android - Permission list is incorrect for APKs built with Android 1.6 SDK - Project Hosting on Google Code
tomlouie is offline  
Reply With Quote
Reply
Tags
app, malware, permission, security


Go Back   Android Forums > Android Discussion > Android Applications
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 05:57 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.