when we go to download a lot of apps, many of them we give permission to view our contact lists, txt messages, account info, etc...
am i the only one who gets nervous by all of this? does anyone know what security features the App Market has in place for us all?
tx --- art.
Related
Hello all,
This is my first post here.
Id like to start by thanking everybody on this site for the volumes of info. You guys rock!
Q: why do strange apps have full permissions?
I have learned so much from everyone here since addopting android. I've recently rooted my thunderbolt and i've been looking at alot of the system info. There is alot of stuff that seems quite questionable (and slightly shady). For example there is a widget running in the background constantly called htc clock widget. This has prettymuch every system permission, and i have no idea why. Also checkin services has the same permissions. I've tried to research both apps extensively but i can barely find any info, every one seems to have questions, but no answers. I might be paranoid, but if something is going to have access to that much info i'd like to know why it needs it. Actually the only info i could find on the subject was through "bing" which seems sort of strange to me. If anyone has any info regarding this, i would greatly appreciate it.
Thank you in advance
Well if you think HTC is stealing your info from the clock widget you are very paranoid about technology lol. What permissions worry you about it. Need to be more detailed than "every permission. "
Mah BAMF Thunderbolt
Mah BAMF Thunderbolt
Well i dont know how to copy from the app info so ill summarize.
Both clock widget (not the clock mind you), and checkin service have as follows
Messages: read attachments, edit sms and mms, read sms and mms, recieve sms and mms
Location: course and fine
Personal info: calender events, read write browser history and bookmarks
Network: create bluetooth connections, full internet access
Your accounts: google mail, manage account list, use credentials
Storage: modify sd contents
Phone calls: modify phone state, read phone state identity
System tools: bluetooth, change network connectivity, change wifi state, change wimax state, modify global system settings, prevent phone from sleeping, retrieve running apps, set time zone, write access point name, write sync settings
Well thats what the widgets got, seems like alot to me. Htc checkin service i have read about and i guess its googles way of recieving anonymous user data. And i guess you can disable it in the build.prop. Any ideas?
How do you figure the time stamps get in your messages, files, etc...? Something has to relay the time to the apps so it's correct.
This forum is full of bloatware removal lists. They all have one thing in common: they list a lot of cryptically named APKs that are "safe to remove," but they don't tell you what these APKs do.
For some bloatware APKs the function is clear from their name. For example, com.amazon.apk is obviously spam that Amazon paid to get into your phone.
For some APKs you can google to find out that an app called "globalunplug" pops up a message to unplug your charger after your phone is finished eating. You wouldn't guess this from the name of the APK.
But there is plenty of bloatware for which Google doesn't help. Search for it and you get a million pages of "safe to remove" lists, but none of them describes what the "safe to remove" APKs are doing.
For example:
Admin notifier
AdminFeedNotifier.apk
Probably something to do with device administrators, but setting up device admins works without this app.
AdService
AdService.apk
Something to do with advertizing? AdMob-related? Or does it have nothing to do with ads at all?
AtCommandService
AtCmd.apk
Google for it and you find lots of people who have problems with this app. But what is it for? There are some related files, like atcmd.plugin, atcmd.plugin.att, and more.
blur.res
blur-res.apk
Some Motoblur app. Freeze it and your email, calendar, and stock launcher might stop working. But some say it's safe to remove.
com.android.providers.applications
ApplicationsProvider.apk
Fetches the list of installed apps to provide search suggestions. Would you really have guessed this from the name alone?
SyncMLTmo.apk
Probably syncs something, but what?
ContactsUnconnected.apk
A very annoying piece of Motorola crapware. It combines multiple contacts into a single contact based on similarities in name, email, etc. When your contacts sync back from Google you may find that your separate contacts have been combined against your will, unless you freeze this apk.
DMService
DMService.apk
Device Manager. Sometimes sucks your battery dry. Some people freeze it without problems, some freeze it and have their notifications messed up. And it seems that nobody knows why.
HSTcmd
Seems safe to remove, but what does it do?
MtlrNotifier.apk
Something with media?
OMA client provisioning
OMAProvisioning.apk
Over-the-air device configuration. Is that clear? No? I thought so.
QuickSms.apk
This won't make you write SMSs faster. It just lets you auto-respond by SMS if you don't pick up your phone.
Rich Clipboard
RichTextCommon.apk
To keep the formatting when you copy text to the clipboard?
SIM toolkit
com.android.stk
Stk.apk
On my phone this app is just some spamware for useless premium SMS services from which T-Mobile takes a cut. But it may do other things on your phone, so check before you remove it.
Updater & Upgrader
What do they update and upgrade? Apps? Your ROM?
There are many more APKs with strange names that tell nothing about their function. Manufacturers and carriers often include a set of their own.
Can you help clarify what all these strange little APKs really do and what will break if you kill them?
Could anyone out there tell me if the S Note that you got with the ICS update - NOT downloaded from S Choice, or from the file that I saw floating around the forum, just the ones that came with ICS automatically - matches the following permissions?
- Your personal information
add or modify calendar events and send email to guests without owner's knowledge, read Browser's history and bookmarks, read calendar events plus confidential information, read contact data, read user defined dictionary, write Browser’s history and bookmarks, write contact data
- Services that cost you money
directly call phone numbers, send SMS messages
- Your location
coarse (network-based) location, fine (GPS) location
- Your messages
edit SMS or MMS, read SMS or MMS, receive SMS or MMS
- Network communication
control NFC, create Bluetooth connections, full internet access
- Your accounts
acts an account authenticator, manage the accounts list, use the authentication credentials of an account
- Storage
modify/delete USE storage contents
- Hardware controls
change your audio settings, record audio, take pictures and videos
- System Tools
allow Wi-Fi Multicast reception, bluetooth administration, change network connectivity, change WIF state, change WIMAX state, change your UI settings, delete all application cache data, disable keylock, format external storage, modify global system settings, mount and unmount filesystems, prevent phone from sleeping, retrieve running applications, write sync settings.
Why I want to know, if you're interested:
I didn't get S Note with my ICS update (SGH-i717R - Canadian, Rogers), and after a song and dance with support, was told by one agent/one email support to download it from the S Choice app store ... and by one call agent that I should stay away from it because it's not from Samsung and possibly malware.. Since S Note was supposed to come with the update, and only My Story needed additional downloading, I was a little wary.
My misgivings started with the bad grammar in the description, the different developer from the My Story app, and finally, the giant pile of permissions it wants. I've tried a slew of things to get S Note/Premium Suite to initialize, and am now at either reflashing the update, which I'd like to avoid since the phone works fine and I don't know what the hell I'm doing, or mailing it in “to the lab,” which I'd like to avoid because apparently not all of Samsung knows what it's doing either, judging by some of the answers I got. So I'd like to just do a comparison to see if the original S Note that comes with ICS also has these permissions. If it does, then I'm just going with the S Choice one and stop trying other things.
Thank you for any help!
Anyone? I know it's a bit of an oddball question, but..? (Unless nobody got it with ICS, which wouldn't surprise me, either.)
Matches what i have... I dont think its anything bad. Samsung proabably wants snote to have full functionality. Insert contacts and be able to call them from the app, geo tag your location etc... Look at the permissions of facebook... They are not that different.
Sent from my Samsung-I717
IMM76D.UCLF6+FJMOD-BUILD2
Stampaufaz said:
Matches what i have... I dont think its anything bad. Samsung proabably wants snote to have full functionality. Insert contacts and be able to call them from the app, geo tag your location etc... Look at the permissions of facebook... They are not that different.
Sent from my Samsung-I717
IMM76D.UCLF6+FJMOD-BUILD2
Click to expand...
Click to collapse
Fantastic - thanks! I was mostly put off by the description of the app "this application is S note can make own note." doesn't exactly scream "I am legit software put out by Samsung, download me!" But if it's pretty much what the original has, then I'm fine.
Again, thanks!
I was looking at this free Kingsoft Office and here is what it lists among its required permissions:
"Access email provider data
Allows this application to access your email database, including received messages, sent messages, usernames and passwords."
It seems highly suspicious to me even without the usernames and passwords part. Can anyone explain? Should I stay away from such apps? Thanks!
The app is in Google Play, I can't give the link because I'm a new user.
OK, so I take it nobody cares why an app downloaded millions of times would ask for these things? To me it seems like a huge risk, so good thing I'm not using it. The developers didn't bother to answer my email either. Great! Check permissions very carefully before you install an app, people!
I do a lot of Android app testing. I use my regular phone, where I have my contacts and my regular gmail account. I never used a credit card on this account.
I mostly use APK files to install the apps.
I have 2 questions:
1. can an app display some permissions when installing, but have others hidden permissions ?
Example: instal APK file > says permissions "Network access" and that's it.
Can this app also read my data or make phone calls, even though those permissions were not displayed ?
What is I use an app to display ALL permissions ? Can it really display all or is there an way to still have hidden permissions ?
I use Android 2.3.7 root and 4.1 no root.
2. Can an app make unauthorized hidden operations, like place phone calls or send texts or steal my gmail password ?
Like I said, I never used a credit card, so at least that's not a problem.
But I have my SIM card - can an app place a value added call or SMS (I don't know the exact English term - expensive call), without me knowing about it ?
Or compromise my Gmail account ? I have an alternate email for recovery.
Thanks for your help.
Anybody ?!