Hi, I am student from University would like to ask do you know how I can start this task that I gave myself to complete.
list all permissions, check against database of what permissions should be for those applications and flag up if any installed app has more permissions than it should.
I know, application permission is located in the manifest.xml, but if i use ADB method to list all the permissions, I cannot find a method to list all the permission that belongs to one app only. I would like to check and compare to see if any of the installed application has more permission than it should be.
Any help would be appreciated, as I am just learning.
Nicholasc001
Related
Looking for some clarification on app permissions, i.e. Owner, Group, Others, Read, Write, Execute.
Using Root Explorer or adb we can change the permissions of files and folders.
How important is it that a particular application have the correct permissions?
Does is really matter if an app has Group Write if it is not supposed to?
When pushing apps with adb, how are permissions determined? Is it ok to leave them as adb sets them?
I have done alot of adb pushing and the permissions after are never the same as they were originally.
I am trying to sync a rostering app between two devices using dropsync.
The .db files that need syncing are in the /data/data/com.blah.blah/databases directory. Using Root explorer I can change the permissions to give full rw permission to others. The two .db files will then upload to the dropsync server.
The problem is that whenever the app is opened and anything modified, the permissions change back to default and thus dropsync can't access the modified .db
Is there anyway to change this or am I wasting my time? what is the 'sticky' box option in RE?
I'm not sure precisely what "sticky" means, but it's not what you want--it doesn't involve persistence or "sticking".
You could try to make the files not owned by the app but set it so the group is the app. Make sure the group can read/write/execute, or whatever it needs. This way, the app can still use the file but won't be able to change its permissions.
Of course, it could see that it doesn't own the file and refuse to run. I'm not sure what sort of checks the program's authors implemented. This also won't work if the file is deleted and created anew--the new file would be owned by the app.
Yeah thanks for that,
I tried the ownership and group swap earlier, and am pretty sure the app re- writes the db.
Don't think is going to work.
cheers
Well its obvious that the app, when opened sets the permissions to the .db files so that they wont be usable by others. The way you describe the problem is more likely to be a file owner problem and not with the permissions. Try to set the app and the files to the same owner and see if that works. You could always make a script that would change the permissions/ownership of the file.
FYI,
The sticky bit is a special part of the permissions mask for a file or directory. When set on a directory, it tells the system to prevent anyone but a containing file's owner from deleting files in that directory. This is handy if you have a directory that's being used by multiple users on a system as scratch space as it prevents people from wiping out others' files.
For files....the behavior isn't defined.
Hope this helps,
- chris
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
dk3498 said:
Hi, I have recently tried to create a program which outputs the permissions required by a apk using the command "aapt d permissions apkfilename.apk". I tried it on a list of apk files and most of it worked. However there appears to be 1 apk which provides an error stating: dump failed because no AndroidManifest.xml found. There is also another second apk file which provides no error message when the aapt command is used, however no permissions are listed. Based on that observation I have a couple of questions regarding permissions.
1.) I was wondering, is it possible for a apk file to work on a phone despite not having a androidmanifest.xml file (after the apk is installed into the phone)?
Click to expand...
Click to collapse
To my knowledge, no, it wouldn't work.
dk3498 said:
2.) In addition to that, is it possible for a apk file (after the apk is installed into the phone) to use permissions without asking the user for permission?
Click to expand...
Click to collapse
Yes, this is possible. This is usually done by malicious applications.
dk3498 said:
3.)Is there any another file/command which could definitely list the permissions required by the apk, assuming if the person who created the apk tried to hide the permissions required?
Click to expand...
Click to collapse
XPrivacy, an android app, could be of use here.
dk3498 said:
4.)The aapt program output two types of permission, uses-permission and permission. What are the differences between the two?
Click to expand...
Click to collapse
See here.
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
dk3498 said:
Hi Theonew, thanks for the help :good:. So am i right to assume that malicious apk files could avoid stating the permission used/required in the androidmanifest.xml but still be able to use it behind the scenes?
Click to expand...
Click to collapse
Yes, this is possible. XPrivacy comes in handy here since it shows you the permissions which the app requested upon installation (hence you granted), and also shows the permissions the app actually used. Sometimes these include ones which were not requested/granted.
This and this may be in your interest. If not, they're still interesting reads .
Hello all,
As a newbie, I want to know about all the mandatory permissions as per Google guidelines that are required in any apps manifest .xml file.
Mandatory I mean the permissions which are required for any app to run on any android device.
awaiting for your valuable answers....
i have shv-e210l and i have cm13 installed on it. i decompress system.new.dat and make addition in system/app and again compress it and it flashed successfully. but when system starts up my application (ChatSecure) which i added to rom was popup ("stoped working"). do i need to add some permissions or what? because my general concept is that when i download application from google play store it asks certain permissions. i need help if i need permissions or not and if i need permissions how can i add them.