Hello all,
As a newbie, I want to know about all the mandatory permissions as per Google guidelines that are required in any apps manifest .xml file.
Mandatory I mean the permissions which are required for any app to run on any android device.
awaiting for your valuable answers....
Related
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
dk3498 said:
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
Click to expand...
Click to collapse
To my knowledge, no, it wouldn't work.
dk3498 said:
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
Click to expand...
Click to collapse
Yes, this is possible. This is usually done by malicious applications.
dk3498 said:
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
Click to expand...
Click to collapse
XPrivacy, an android app, could be of use here.
dk3498 said:
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
Click to expand...
Click to collapse
See here.
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
dk3498 said:
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
Click to expand...
Click to collapse
Yes, this is possible. XPrivacy comes in handy here since it shows you the permissions which the app requested upon installation (hence you granted), and also shows the permissions the app actually used. Sometimes these include ones which were not requested/granted.
This and this may be in your interest. If not, they're still interesting reads .
Hi, I am student from University would like to ask do you know how I can start this task that I gave myself to complete.
list all permissions, check against database of what permissions should be for those applications and flag up if any installed app has more permissions than it should.
I know, application permission is located in the manifest.xml, but if i use ADB method to list all the permissions, I cannot find a method to list all the permission that belongs to one app only. I would like to check and compare to see if any of the installed application has more permission than it should be.
Any help would be appreciated, as I am just learning.
Nicholasc001
i have shv-e210l and i have cm13 installed on it. i decompress system.new.dat and make addition in system/app and again compress it and it flashed successfully. but when system starts up my application (ChatSecure) which i added to rom was popup ("stoped working"). do i need to add some permissions or what? because my general concept is that when i download application from google play store it asks certain permissions. i need help if i need permissions or not and if i need permissions how can i add them.
Hi every1,
Important threads:
- https://www.thecobraden.com/posts/unblocking_firebase_ids/
Explanation:
I've been messing, for some time now, with android tampering/reverse engineering. But, there is a problem that I can't seem to overcome, neither find any solution for it on any foruns, that is "Signing In with Google" on the app after modifying it (decompiling/recompiling).
The process I follow is as simple as:
Pulling the APK file from my android using adb;
Opening the APK file using jadx-gui to see the contents and search for what I want to change;
Decompiling the APK using APKEasyTool and searching for the .smali file I previously wanted to change;
Changing the file and recompiling the APK with APKEasyTool;
(optional) In case the APK file is splitted, installing it on my device using SAI.
Results:
After this process the app works fine, but as mentioned, I can't no longer sign in on the app with Google. As far as I know, when you click the sign-in button, an HTTP request is made to Google Servers, asking for a token, than can later be used to sign-in on the app (this is made by integrating Firebase in the android project). And, it's in this process that it fails, because on this request it is also sent the SHA-1 fingerprint as a Request Header, which was changed when signing the APK file.
Using a tool like MITMProxy I was able to repeat this request with the APK original SHA-1 (retrieved with keytool -printcert -jarfile <original.apk>), but this requires moving traffic through, for instance, my computer - as a proxy server. (And for some reason it didn't always worked).
Question:
Does anyone have any thoughts on this, or have successfully been able to decompile/recompile an apk and still be able to use Google Sign In option? How can I modify an apk file and still be able to sign in on it with my Google account?
i mean if your device is rooter, you can login in origin apk and use lucky patcher backup data ,install modified apk then do a restore data in to app
Play Services will not allow it unless the apk is signed by Google. The solution is to set the public key for the modified apk and patch Android Framework's signature check to make the system think it's valid.
The yellow smiley face app mentioned above does this, as well as microg.
Is theres a way to modify and run this apks without unlocking secrecy or auth token? i pulled it from my oppo and when i run the app it'll update the existing app
norimee said:
Is theres a way to modify and run this apks without unlocking secrecy or auth token? i pulled it from my oppo and when i run the app it'll update the existing app
Click to expand...
Click to collapse
You can't modify an APK, as it's in binary. You could remove it though - Let me know if you need help.
An APK ( read: Android Application Package ) file by nature is a ZIP file - not a binray - what can get extracted with any zip utility (e.g. 7zip), you can view all resources correctly but all java files are not correctly decompiled.
Content of an APK file looks like
You can also see the contents of an APK file within the Android device itself, which helps a lot in debugging, using
https://play.google.com/store/apps/details?id=com.dasmic.android.apkpeek
All files including the manifest of an app can be viewed and also shared using email, cloud etc., no rooting required.