Discussion in 'Android Apps & Games' started by JohnJSal, Sep 25, 2010.
I know where to go to view them, but how can you change them?
You can't. That's why it's so important to read and understand them before making the decision to install an app.
This really sucks! There has got to be a way to hack an app's AndroidManifest.xml to change it's permissions and then self sign it and side load it. Suggestions?
So you want to create an app that has certain permissions, but not display those permissions to the unsuspecting user?
Yeah, we aren't going to help you try to do that, because we don't want apps that trash our phones and steal our data.
Or maybe he just wants to remove some of the unnecessary permissions on Apps he's already downloaded. ....
what would be nice though would be if the market place allowed developers to explain a little more. for example you see a game is asking for full internet permissions it would be nice if the developer could put a note in there "internet used for leader board scores only" or so on and so on. alot of times apps are doing 1 simple thing that requires a permission it really isn't using much of, makes you second guess that app when you see it though.
what would be fabulous would be a built in firewall in android, in other words you see an apps permissions and you can accept them all or only allow some of them, if the app breaks because of that so be it but at least you know the app can't access the internet or read your contact list then once you play around with the app you can decide to go back and change it or not.
or he is trying to block the licensing model google is moving everyone to where your purchased app "phones home" to the market place to make sure you should be running it. if you could change the permission on that then all you have to do is download said app, uninstall so you don't have to pay for it, change permissions so it can't check with the market place, reinstall and wa la, free app.
That reminds me (sorry for going a bit off topic) - why don't permissions lists in the Market ever include superuser permission for those apps that require it? Does Google just not want to raise the level of consciousness about the possibility of rooting, or is superuser access not a permission in the same way as the ones that do get listed? I've always wondered.
It's technically possible to extra the app and delete the permissions from the AndroidManifest.xml and then put the app back together. You could use a tool like apktool for this. However if the app tries to do something that requires said permissions it will throw a SecurityException. I imagine very few developers handle this in any sane manner, as they aren't expecting users to modify the permissions of the app... So it would likely just crash.
As for Superuser, it uses permissions differently. But keep in mind that if an app is granted Superuser access, it has all the permission it needs to do anything, even things not listed on the Market that apps normally list, like internet or reading contact data, etc.
It is the responsility of the user to learn and understand what those permissions mean. Google published the manifest of all of the permissions your phone has. There are articles and threads that discuss this to assist users. This was the guide I used when I got my Nexus.
I am cautious when I download an app, if the permission sounds strange, I will go to the developer's website and see if he explains it. If not I'll post it here, asking someone who might have an idea of what that permission is used for. I will also email the developer asking what's the purpose of said permission. If I really feel uncomfortable with it after the fact, I will not install it and find an alternative with less permissions.
YOU are your own firewall. If you don't like the permission, don't download the app. Google is very transparent in that the developer must show what the permissions are required for the app. The app cannot use a certain permission if it was not coded in there. So an app can't 'read your sms' and steal your info if it doesn't have the permission to read sms.
Can you imagine what a catastrophe that would be. A user would be like, 'oh I don't like any of these permissions so I will decline them all' and they don't use it right away, so when they do and the app doesn't work, 'wtf is wrong with this piece of crap, the developer sucks and I'm telling everyone that this app sucks'.
Are you referring to me?
I think he meant a later post (#3), not your post that started the thread way back when. Actually it would be nice if we could all just get rid of permissions that made us nervous (and I assumed that that was what both you and the other poster meant), but as already pointed out this would probably break the app even if it could be done. (If one just wanted to keep an app from phoning home I think there are easier ways. )
I"m still not clear why there is no means of automatically notifying potential downloaders of when an app requires superuser status, as there is in the case of other permissions. Right now it all depends on whether the developer chooses to disclose it in the app description, and I've seen one app that gained superuser privileges on rooted phones without advance disclosure (i.e. no mention of it being a for-root app). Seems like a potential problem area.
It would be really nice to edit som of the permissions of an already installed app. I found a "flashlight" app that really would not need permission to check my contacts, or sms folder. Then it would be nice to just remove the permissions instead of just uninstalling a quite nice app. If I for some reason think it should have the permission again, then I just let it have it again.
You should NOT be able to let any app have any permission you want, but just to remove/permit the permissions asked for when installing. This would therefore NOT compromise the security or rules given for the market by google. It would just make your phone happier and faster, and save you a lot of thinking.
You can revoke permissions you don't think an app should have. You need to root then install "Permissions Denied" from the Market:
The paid version is a donate version, there is no increase in usability.
Safer still is not to install an app that seeks inappropriate or unnecessary permissions.
I'm with a lot of other people on this, particularly Roze... check the permissions before you download. If you don't want an app to do something, don't download it. For UmbaLumba's example, it's ridiculous a flashlight app would ever need sms or contact permissions. Luckily, there are 2,727 flashlight apps, so I'm sure you can find one that doesn't need any permissions whatsoever
Besides the http://androidforums.com/android-ap...ps-avoid-viruses-guide-those-new-android.html linked to by by Roze I would also recommend the 99 cent App version of it (https://market.android.com/details?id=com.alostpacket.pocketpermissions&feature=search_result). It's a great quick reference and worth the 99 cents just to quickly see which apps have what permissions.
As others have mentioned, it IS possible now - you just found a really old thread.
Of course. But even known "safe" apps have access to things I don't like them to. Like Barcode Scanner has access to contact information and internet, so it can send links to friends via email. But I don't want it to access my contact list, ever.
Cyanogenmod starting with 7.1 has a built in permissions denyer and it's awesome, there's one certain annoying thing I'm no longer seeing on my phone because of it.
I've also heard lbe ************* is good at doing pretty much the same. (requires root)
Thats why I went with ShopSavvy instead. No access to my contact data. There's always another app...
Just remember that if you go this route and deny any of the app's permission, make sure that it's not a permission that the app requires to function. This is not the route I'd tell a new member as they might end up breaking an app which might cause a chain result for their phone having issues.
IMO, practising safe apps is the best
+1 it's a great centralize app on various app permissions. One thing I love about it is that you can sort apps by their permissions. So if I don't want an app to go through my phone identity, I'll check which apps ask for that permisison.
I've seen an app on the market called app shield that lets you recreate the app and 'shield it' from certain permissions. it costs 2.50. i cant say if its any good though as i haven't bought it yet but it has a lot of good reviews
it says that with certain apps it may not work so obviously you have to take care what permissions you delete from an app as even though you may not like it they may have a necessary function.
Interesting app. Though I would think that it'd get pretty annoying when you have to update an app, you would need to trim the permission.
I thought I was only one who read the permissions and said, "I don't think so". Google has been using Bouncer now
Android and Security - Official Google Mobile Blog
and it brings me a bit of comfort, but as someone said, you are your own firewall
I use pdroid