Permission Remover App on Google Play for non rooted phones

[PaulSMith02]

New to Android and forum.

After getting my Android, I was getting particularly concerned with security/privacy issues and permission granted on the phone. To address this, I've looked at rooting the phone but ultimately, it looked like this could increase my security risk instead of decreasing it.

I recently found an application (Permission Remover) on Google play which can remove application on dnloaded apps WITHOUT having the phone rooted, which is exactly was I was looking for.

The way I think this app works, is that it uninstalls the app, then removes the unwanted permission, then re-installs the app without that particular permission. I've tried it and seems to work well. For some app, it will remove permissions without causing failure in the app, while for others, it might cause a failure, which is to be expected, depending how the app was coded.

My concern is this: Is it possible that when "Permission Remover" unistalls the app and removes the unwanted permissions, it adds some malicious coding before re-installing the app? Is there a way this can be verified? I have AVAST antivirus on my phone, and it did not detect any malware.

This a relatively new app (Feb 2012) and has had few dnloads <1k. I can't post the link to it, but if you search "Permission Remover" in Google Play, it is the first one in the list. Can anyone view the coding of that app and let me know if there is anything malicious?

 

[El Presidente]

Welcome to AF!

I'm sure I read somewhere that the app itself is malicious, but I can't recall if it was this app or an app that performed a similar function. I'll have a dig around and see what I can find.

Failing that, I'll get one of our app devs to take a look.

 

[PaulSMith02]

Great. Thanks.

Every app I was able to find on this subject were for Rooted phones... This one is particular as it works on non rooted.

 

[El Presidente]

No problem, whilst I'm having a look, you might want to take a look at this: http://androidforums.com/android-ap...explained-security-tips-avoiding-malware.html

 

[alostpacket]

I might be missing something but I dont see how this would work without root.

The app itself does not have install or uninstall permissions. And it's not supposed to be able to read the data of other apps. I suppose there might be some hack/workaround that I dont know about though.

After taking a second look at some stuff, I'd say it's possible it may work for some apps. Especially ones installed on the SD card. But it will break a not-insignificant percentage of apps.

Nevertheless, personally the only one of those types of apps I trust is the one by Stericson. It's still going to crash a lot of apps though -- no matter which one you use.

These are just my opinions as a dev though -- I havent used any of these.

 

[alostpacket]

Also, taking off my "technical hat" for a second. I would advise people as consumers to not use apps that request permission you dont like. And tell the devs you are doing so.

Using a permission blocking app can be helpful, but ultimately it's an arms race.

Bad devs use bad permissions, users block, bad devs take more, and it's a cycle that doesnt end.

I'd much rather see well-behaved apps kept in line by user feedback than this kind of arms race

 

[bioforce]

Like ALP says. A great example of this is the Michael's app my wife was using. It wants access to contacts, Calender data, bookmarks, browser history, and the camera. It also has write permission to all of this stuff, plus the ability to email. Why the heck would you possibly need any of this just to give e-coupons? Suffice it to say, the app is no longer being used.

 

[PaulSMith02]

Thanks for the links to Alost info on Security. Best summary so for on Droid security!

Thanks Alost for giving users that information.

In my end, I will try to contact the developper to get information on how his app works. If I get any (positive) results, I will post back here.

 

[jefboyardee]

I can't post the link to it

Permission Remover Free
Permission Remover

Wonder if they could make it so apps being installed go through it on their way in, to avoid having to uninstall-butcher-reinstall them.

 

[PaulSMith02]

Thanks jef for posting the link.

And yeah, it would/could be cool, if that is what the program is actually doing and it is not malicious...

But on second though, probably would not be the best for developpers... as when you remove permissions, that is a chance that it will stop the app from working. People would blame the developper instead of blaming the permission remover app... but it would keep developpers with only the required and basic permissions instead of always going for the cadillacs of permisions!

BTW, quick trick I've noticed. The Free App version always ask way more permissions than the paid App, if you remove permissions to match the paid app, it hasn't resulted in a broken app.

 

[PaulSMith02]

This is the response I just got from the developper regarding how his app work:

"the app is doing those steps:
creating a backup of the original program
removing the unwanted permissions
if required uninstall of the original program
install/update of the program without the unwanted permissions

best regards
elmar"

How can he do this with the permissions he's requested for his app:
Full internet Access, and modify SD card content.... however, not all of my program are on the SD card... but I is true that I can only modified my downloaded apps and not the bloatware.

Again, is there still a chance that he could be introducing malicious coding?

 

[amlothi]

After getting my Android, I was getting particularly concerned with security/privacy issues and permission granted on the phone. To address this, I've looked at rooting the phone but ultimately, it looked like this could increase my security risk instead of decreasing it.

I don't want to get the thread off track, but it didn't look like anyone has responded to this point yet.

I actually feel my phone is more secure after rooting. I'm not a dev or a programmer, it's just my opinion, but perhaps ALP or other devs could chime in here.

I don't want you to have the misunderstanding that rooting your phone allows ANY apps to have root access to your device. The Superuser app allows one to control which apps get root access. Of course, you need to be careful about which apps you allow root, because granting this access does allow apps to do virtually anything they want on your device - and that would be worse than a malicious app on a non-rooted device. So yes, you need to take caution here.

On the other hand, I'm able to 1) remove factory installed apps that may have permissions I don't agree with, 2) restrict app permissions in a more direct way (my custom ROM has this feature), and 3) use a firewall to restrict internet access to certain apps.

The major point, that we all need to be vigilant in monitoring what apps we install and what access we give them, still stands of course. However, I like the extra control that rooting gives me over apps that I've already made the choice to install.

 

[PaulSMith02]

Thanks Amlothi,

Those are exactly the two reasons why I considered root in the first place(remove unwanted permissions and remove bloatware), but I didn't because of the few articles I found (see below) that indicated that root decreased security and increased the difficulty in getting the OTA updates.

But with your post, it brings me right back to square one... considering rooting again! Thanks !

I know, I might be highjacking my own thread, but what does rooting to your data/apps... does it erase all?

And how difficult is it to do the OTA updates after rooting?

What is Rooting on Android? The Advantages and Disadvantages | Droid Lessons
Android root users passwords saved as plain text

 

[bioforce]

Thanks Amlothi,

Those are exactly the two reasons why I considered root in the first place(remove unwanted permissions and remove bloatware), but I didn't because of the few articles I found (see below) that indicated that root decreased security and increased the difficulty in getting the OTA updates.

But with your post, it brings me right back to square one... considering rooting again! Thanks !

I know, I might be highjacking my own thread, but what does rooting to your data/apps... does it erase all?

And how difficult is it to do the OTA updates after rooting?

What is Rooting on Android? The Advantages and Disadvantages | Droid Lessons
Android root users passwords saved as plain text

1) For most phones, rooting requires you to wipe your device. You would be able to reinstall your apps from the market though, along with any synced data.

2) OTA updates screw up root, a lot of mods block them for this reason. Usually there is an updated mod with the the patches from ota built in later.

3) All these articles really say is to be very careful with which programs you give root to, as a an app with root permission can do anything. As long as you only give root to very well known programs (for example, ad free android) you will be fine.

 

[PaulSMith02]

Thanks Bioforce.

This week I'll probably make the plunge to a rooted phone...

 

[Spike1234]

Hello, new here, found this thread whilst faced with a similar decision.

I'm not confident enough at this stage to manage a rooted phone safely, so this app is appealing. I just have 2 questions about how this all concluded...

...
Again, is there still a chance that he could be introducing malicious coding?

Was it established in the end whether this could be a possibility? Did anybody end up having a look at it?

Permission Remover Free
Permission Remover

Wonder if they could make it so apps being installed go through it on their way in, to avoid having to uninstall-butcher-reinstall them.

These links don't work anymore. It appears that the app has now been removed from the market (although still available on the website). Does that indicate it was malicious after all?

Thanks heaps

P.S. I found the security thread really clear and helpful, thanks

 

[iowabowtech]

These links don't work anymore. It appears that the app has now been removed from the market (although still available on the website). Does that indicate it was malicious after all?

When apps "disappear" from the market, there's a reason for it and with red flags already raised prior to removal, I wouldn't touch it with a 10 foot pole.