
Android permissions explained, security tips, and avoiding malware

A must read, well written and condensed piece of work you got there. Great starting point to tackle the world of Android applications. Thanks
 
What happens when I delete the app? Can they still access my info?
I installed a photo editing app and deleted it and later on I had some photo albums created (not sure what app did it, but at the time I had Add Watermark installed), so I don't know what's going on.

I had other photo editing apps installed previously and I didn't read what they wanted to access when I installed it and now I'm kicking myself for it!

Would a factory reset help in this case? I'm freaked out that someone has my info :(

ETA: some photo editing applications asked for full internet access, I installed them, but deleted within a few hours or one to two days. Is this very dangerous and can they hack into my internet/computer?

All the apps I installed had ratings of 4+ stars.

PicsArt - Photo Studio wanted access to my location and phone calls (and identity?) - what can they do with this? Has anyone used this app and had any bad experiences?

Sorry for all the questions, but I'm a newbie and have no clue :(
 
> What happens when I delete the app? Can they still access my info?

No, generally once uninstalled, apps cannot harm your system. The only exception to this would be if the app installed other apps when it was installed. For that to work however, an app would need the INSTALL_PACKAGES permission.

> I installed a photo editing app and deleted it and later on I had some photo albums created (not sure what app did it, but at the time I had Add Watermark installed), so I don't know what's going on.
>
> I had other photo editing apps installed previously and I didn't read what they wanted to access when I installed it and now I'm kicking myself for it!

Not sure really what is going on there.

> Would a factory reset help in this case? I'm freaked out that someone has my info :(

As a last resort a factory restore can wipe just about anything away, but I would only use it if you were sure you needed to. If you go this route, ask here in the forums about good backup software like Titanium Backup, or SMS backup and Restore, or even my app Listables for a simple list of apps.

> ETA: some photo editing applications asked for full internet access, I installed them, but deleted within a few hours or one to two days. Is this very dangerous and can they hack into my internet/computer?

INTERNET is a very common permission and they would not be able to hack a computer or anything else like your computer with it. I wouldn't worry.

> All the apps I installed had ratings of 4+ stars.

That's USUALLY a good sign, but not 100% reliable.

> PicsArt - Photo Studio wanted access to my location and phone calls (and identity?) - what can they do with this? Has anyone used this app and had any bad experiences?

I don't know about that app in particular, but check out the guide in the first post of this thread. It will give you some detailed info on that permission. You can also use my app PocketPermissions (link in signature).

> Sorry for all the questions, but I'm a newbie and have no clue :(

No problem! That's what the forums are here for! :D

Hope that helps
 
can you give some example of the log for the application?


Here's what LogCat output looks like:

Code:
04-12 15:15:13.473: E/TelephonyManager(8965): Hidden constructor called more than once per process!
04-12 15:15:13.513: D/dalvikvm(8965): GC_FOR_ALLOC freed 449K, 7% free 8354K/8967K, paused 24ms
04-12 15:15:13.553: D/dalvikvm(8965): GC_FOR_ALLOC freed 153K, 7% free 8400K/8967K, paused 23ms
04-12 15:15:13.563: I/dalvikvm-heap(8965): Grow heap (frag case) to 9.773MB for 1536016-byte allocation
04-12 15:15:13.583: D/dalvikvm(8965): GC_FOR_ALLOC freed <1K, 6% free 9900K/10503K, paused 23ms
04-12 15:15:13.633: D/dalvikvm(8965): GC_CONCURRENT freed 111K, 6% free 10315K/10887K, paused 2ms+3ms
04-12 15:15:13.653: D/szipinf(8965): Initializing inflate state
04-12 15:15:13.673: V/TLINE(8965): new: android.text.TextLine@409e3bd0
04-12 15:15:13.923: D/dalvikvm(8965): GC_FOR_ALLOC freed 1871K, 19% free 8984K/11079K, paused 25ms
04-12 15:15:13.923: I/dalvikvm-heap(8965): Grow heap (frag case) to 9.935MB for 1107216-byte allocation
04-12 15:15:13.963: D/dalvikvm(8965): GC_FOR_ALLOC freed 7K, 10% free 10059K/11079K, paused 23ms
04-12 15:15:14.013: D/dalvikvm(8965): GC_CONCURRENT freed <1K, 10% free 10059K/11079K, paused 2ms+2ms
04-12 15:15:14.493: D/dalvikvm(8965): GC_FOR_ALLOC freed 3K, 10% free 10061K/11079K, paused 25ms
04-12 15:15:14.493: I/dalvikvm-heap(8965): Grow heap (frag case) to 11.395MB for 1536016-byte allocation
04-12 15:15:14.533: D/dalvikvm(8965): GC_CONCURRENT freed 0K, 9% free 11561K/12615K, paused 1ms+3ms
04-12 15:15:14.603: I/System.out(8965): DISPLAYW = 1280, mInitialOpenGLScale = 1.3061224
04-12 15:15:14.643: W/webcore(8965): Not supported in this case.
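
Added example (not part of the original post): a small parser for the LogCat line format shown above, which splits each line into timestamp, priority, tag, process id and message so the output can be filtered by severity or by app process. The function names are illustrative, and the sample input is four lines copied from the output above.

```python
import re
from typing import NamedTuple

# Priority letters in increasing severity: Verbose, Debug, Info, Warn, Error, Fatal
PRIORITIES = "VDIWEF"

# "MM-DD HH:MM:SS.mmm: P/Tag(pid): message", as in the output above
LINE_RE = re.compile(
    r"^(?P<date>\d\d-\d\d) (?P<time>\d\d:\d\d:\d\d\.\d{3}): "
    r"(?P<prio>[VDIWEF])/(?P<tag>.+?)\(\s*(?P<pid>\d+)\): (?P<msg>.*)$")

class Entry(NamedTuple):
    date: str
    time: str
    prio: str
    tag: str
    pid: int
    msg: str

# Four lines copied from the LogCat output quoted above
SAMPLE = """\
04-12 15:15:13.473: E/TelephonyManager(8965): Hidden constructor called more than once per process!
04-12 15:15:13.583: D/dalvikvm(8965): GC_FOR_ALLOC freed <1K, 6% free 9900K/10503K, paused 23ms
04-12 15:15:14.603: I/System.out(8965): DISPLAYW = 1280, mInitialOpenGLScale = 1.3061224
04-12 15:15:14.643: W/webcore(8965): Not supported in this case.
"""

def parse_logcat(text):
    """Parse lines in the format shown above; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            fields = m.groupdict()
            fields["pid"] = int(fields["pid"])
            entries.append(Entry(**fields))
    return entries

def at_or_above(entries, min_prio="W", pid=None):
    """Keep entries at or above a priority, optionally for one process id."""
    floor = PRIORITIES.index(min_prio)
    return [e for e in entries
            if PRIORITIES.index(e.prio) >= floor and (pid is None or e.pid == pid)]

def tags_by_pid(entries):
    """Map each process id to the sorted list of tags it logged under."""
    seen = {}
    for e in entries:
        seen.setdefault(e.pid, set()).add(e.tag)
    return {pid: sorted(tags) for pid, tags in seen.items()}
```

Filtering at W and above on the sample leaves the TelephonyManager error and the webcore warning, both from process 8965.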
 
Thanks for the detailed descriptions of Android permissions.

I am baffled, however, as to why Android implements such a different scheme from linux. (It is my understanding that Android uses the linux kernel, and thereby boasts linux security, but how can it make such a boast if it doesn't use the linux permission scheme?) The most baffling part to me is the complexity of access to services rather than simplicity of rwx for files. Even with all of the added complexity, the Android permission scheme has managed to neglect the very important distinction between needing read access vs. needing write access.

I'm not a computer expert, and so perhaps I have just been misunderstanding permissions in linux as well. (Please feel free to correct my ignorance.) Permission to me is not for an application, but for my filesystem, and so important during installation because the application must install libraries and such in certain parts of my filesystem, not because it will access them later, that's a given.

Is there any way to use the more reliable/secure rwx scheme to protect my filesystem? In particular, is it possible to revoke write and execute access for applications that obviously only need read access? Also, is there a way to manage the permissions, like I would use chmod in gnu/linux? (I was snooping through the apps that are installed by default on my LG Optimus Q, and even the apps purportedly from google have egregious and unnecessary permissions that I would like to disable.)

I feel so locked out of my phone, but the so-called rooting process is still too mysterious (and Windows-based) for me to feel comfortable. Is there any non-rooting method to get administrator access?
 
I do believe it uses Linux permissions on files stored internally and is using more and more on newer phones. Permissions are also more granular in some places.

I think one of the problems was implementing it properly for SD cards. Because they were generally FAT32, and because they needed to be able to be read when removed from the phone and put into a SD card reader.

I agree there was a lot more they could have done. Some corners were cut to make things easier and more feature-rich for apps. Some corners were cut for technical reasons. But I also think some corners were cut to save time.

Ultimately though, there are less and less of these cut corners, so they are moving in the right direction :)
 
Thank you for this thorough and helpful post. As for the aggressive adware I identified and eliminated mine by using these apps: AdDetector, AirPush Detector, Addons Detector.

J
 
hey guys first time poster..

I have a Sony arc s(lt18i) if I download an app and set the option for no background processes & destroy all apps when I leave it, will that help prevent an app from using its permissions like read phone state for example?
 
> hey guys first time poster..
>
> I have a Sony arc s(lt18i) if I download an app and set the option for no background processes & destroy all apps when I leave it, will that help prevent an app from using its permissions like read phone state for example?

Welcome to the forums! :D

The thing about Android apps is that they can start themselves at *almost* any time. So while you can shut them down, apps that are designed to run in the background will almost always start back up. This is generally a good thing, but it does have some drawbacks.

Does that help answer your question?

You might want to search the forum for threads about Task Killers. Those threads will explain why apps run like that. :) Let me know if you can't find any or have questions though, I would be glad to help.
 
thanks and thanks!

the thing I don't get is why some apps require the permissions they do.

for example a simple flash light app permissions

system tools - change UI & global settings
storage - modify & delete on sd
read phone state
hardware control - take pictures and videos

seems a bit crazy for a torch.

I get if you don't like the permissions then don't download but they should explain why an app uses the permissions it does.
 
Hi, I'm new to all this Android stuff and just wondering if someone could help me out a bit. When I look at some apps, like Norton for example, it says permissions:

SERVICES THAT COST YOU MONEY
DIRECTLY CALL PHONE NUMBERS
Allows the app to call phone numbers without your intervention. Malicious apps may cause unexpected calls on your phone bill. Note that this doesn't allow the app to call emergency numbers
SEND SMS MESSAGES
Allows the app to send SMS messages. Malicious apps may cost you money by sending messages without your confirmation

So I'm a bit baffled as to does this mean it will block apps from doing this, or does it mean this app will do it and cost me money? Could someone please advise me, as I'm just curious as I don't want to end up getting stung for prices. Thanks, John
 
> Hi, I'm new to all this Android stuff and just wondering if someone could help me out a bit. When I look at some apps, like Norton for example, it says permissions:
>
> SERVICES THAT COST YOU MONEY
> DIRECTLY CALL PHONE NUMBERS
> Allows the app to call phone numbers without your intervention. Malicious apps may cause unexpected calls on your phone bill. Note that this doesn't allow the app to call emergency numbers
> SEND SMS MESSAGES
> Allows the app to send SMS messages. Malicious apps may cost you money by sending messages without your confirmation
>
> So I'm a bit baffled as to does this mean it will block apps from doing this, or does it mean this app will do it and cost me money? Could someone please advise me, as I'm just curious as I don't want to end up getting stung for prices. Thanks, John

In this example, it means Norton can call and send text messages on your behalf without you initiating a call or text message. It may cost you money because a lot of wireless carriers charge for text messaging and phone call minutes.
 
Hi all,

Couple new questions for you:

1) I've come across a permission request I haven't seen before: "Read Google Service Configuration". It's shown as part of the "your account" group of permissions, and the description in the Play store is, helpfully, "Allows this application to read Google service configuration data" :-P. It's not listed in my trusty Pocket Permissions manual ;-) so I figured I'd ask to see if anyone knew more about what this actually does.

2) Following on a question posted a few pages back re: pre-installed apps, I'm curious how the permissions for those apps work in conjunction with explicit TOS agreements. For example: My phone came with a non-Google GPS navigator app pre-installed that I don't plan to pay for or ever use. If I open the app, I'm presented with a TOS I have to agree to in order to continue. If I never agree to the TOS, does the app have the ability to exercise any of the permissions it was assigned when the factory installed it? Additionally, that app is now bugging me to manually update it through the Play store. If I download the update to shut up the nagging reminder each day, does that amount to agreeing to the TOS? Maybe this is something that's only ever a concern of developers dealing directly with carriers, but I'm interested if anyone can shed some light on it.

Thanks!!

UPDATE: Since writing this post originally, I ended up deciding to just update the apps I was referring to in 2), and see what happened with the TOS. The result was that after updating, I was still presented with the TOS when I launched the app for the first time-- so from that I'm concluding that downloading and installing the update doesn't function as a de facto agreement to any explicit TOS related to an app.

Just thought I'd throw that in, in case anyone other than me really did wonder about issues this far in the weeds :-)
 
I was not sure about my android phone, I had doubts about the greatness of all these downloaded apps, but I feel much more on top of the situation! Thanks!!
 
> Hi all,
>
> Couple new questions for you:
>
> 1) I've come across a permission request I haven't seen before: "Read Google Service Configuration". It's shown as part of the "your account" group of permissions, and the description in the Play store is, helpfully, "Allows this application to read Google service configuration data" :-P. It's not listed in my trusty Pocket Permissions manual ;-) so I figured I'd ask to see if anyone knew more about what this actually does.
>
> 2) Following on a question posted a few pages back re: pre-installed apps, I'm curious how the permissions for those apps work in conjunction with explicit TOS agreements. For example: My phone came with a non-Google GPS navigator app pre-installed that I don't plan to pay for or ever use. If I open the app, I'm presented with a TOS I have to agree to in order to continue. If I never agree to the TOS, does the app have the ability to exercise any of the permissions it was assigned when the factory installed it? Additionally, that app is now bugging me to manually update it through the Play store. If I download the update to shut up the nagging reminder each day, does that amount to agreeing to the TOS? Maybe this is something that's only ever a concern of developers dealing directly with carriers, but I'm interested if anyone can shed some light on it.
>
> Thanks!!


I would love to know which app you get the new permission? Forgive me if I read over it and missed it in the post.

AlostPacket: any insight on this new one? I wonder if some of the latest upgrades with google, android, etc will start seeing new permissions? What effect will such have on devices still on 2.2?
 
Yes this was extremely informative and unfortunately I am painfully aware of the consequences of not being careful. Not only was I getting malware and phishing on my phone but since I tethered my laptop, they were simultaneously attacked and it was everything and bad! All my passwords were changed and when I would try and report it and reset my passwords they were blocking me with fake password reset pages! I finally just jumped around a buttload of search engines to shake them. One other thing I can add from experience is you will get a warning "certificate does not match or is invalid", then you will get "internet connect. lost, tap here". Do not tap ANYTHING even if it says facebook or whatever. As soon as you tap it, it's all over. They are in and locking you out of all your accounts. Safe downloading folks! And thanks so much for such a well written and informative post. Many people don't realize this can happen to their phone too.
 
Has anyone encountered a random icon appearing on your android desktop?

I've hardly used my phone at all today, but noticed this afternoon an Icon called "NetSpend" with an image, blue w white text "NETSPEND Prepaid Card You Are Approved".

Clearly bunk, no idea where it came from. I haven't installed any new apps recently, though I did download Ad Network Detector once I noticed it. Couldn't identify it.

I can long press the icon, and it will let me drag it off the desktop into the trash, but I don't know if that will really address the root cause.

I intended to launch the icon to see what it redirected to, and found it attempted to run a series of redirect links, faster than I was able to longpress-select-copy the URL for examination. Then the Bionic's shitty default FB share feature popped up with a link, and I went to airplane mode before any more damage could be done, and changed my FB password from my laptop.

Links included references to hjlas.com, the-awardzcenter.org, livemobilesearch.com, & surveyrewardscenter.org

Just trying to be as thorough as possible in order to identify and draw awareness.

Should I post anywhere else?
 
I wish this was stickied! I have been consulting this guide every time I go to install an app that isn't well-known just to see what all the permissions mean... this is a very helpful guide for anyone and should be easily found!
 
Android is safe. You should agree with each permission for each app when you install one app... the problem is that nobody looks at requested permissions

The viruses for Android are all apps with hidden launchers (e.g. w/o launcher) - so you cannot see them in desktop, but they exist like packages in your device, and when you browse your installed apps they will show there.
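
Added example (not from any poster in this thread): a manifest audit covering three points raised above, namely the flashlight app asking for more than a torch needs, the "services that cost you money" permissions, and packages that install without a home-screen icon. It assumes the app's AndroidManifest.xml has already been decoded to plain XML (for instance with apktool); the package name, sample manifest and function names are made up for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Permissions raised in this thread and why they deserve a second look
REVIEW = {
    P + "CALL_PHONE": "places calls without user action (can cost money)",
    P + "SEND_SMS": "sends SMS without confirmation (can cost money)",
    P + "INSTALL_PACKAGES": "installs other apps",
    P + "READ_PHONE_STATE": "reads phone state and identity",
    P + "WRITE_SETTINGS": "changes global system settings",
}

# Constructed sample: a "flashlight" app with no home-screen icon
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.torch">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <application>
    <activity android:name=".SettingsActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
      </intent-filter>
    </activity>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""

def has_launcher_icon(root):
    """True if an activity declares both the MAIN action and LAUNCHER category."""
    for tag in ("activity", "activity-alias"):
        for act in root.iter(tag):
            for flt in act.iter("intent-filter"):
                actions = {a.get(NS + "name") for a in flt.iter("action")}
                cats = {c.get(NS + "name") for c in flt.iter("category")}
                if ("android.intent.action.MAIN" in actions
                        and "android.intent.category.LAUNCHER" in cats):
                    return True
    return False

def audit_manifest(xml_text, expected=frozenset()):
    """Compare requested permissions with what the app's purpose needs."""
    root = ET.fromstring(xml_text)
    requested = sorted(e.get(NS + "name", "") for e in root.iter("uses-permission"))
    unexpected = [p for p in requested if p not in expected]
    return {
        "package": root.get("package"),
        "unexpected": unexpected,
        "flagged": {p: REVIEW[p] for p in unexpected if p in REVIEW},
        "has_launcher": has_launcher_icon(root),
    }
```

Calling `audit_manifest(SAMPLE_MANIFEST, expected={P + "CAMERA"})` treats the camera (flash) permission as the only one a torch needs and reports the other three as unexpected, along with the missing launcher icon.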
 