Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
1 vote
0 answers
624 views

Get root permission on android for metasploit

Is there any way to get into the root file system in android with an already installed msfvenom apk in reverse_tcp (to get the whatsapp encryption key)
LWX 's user avatar
  • 11
1 vote
1 answer
310 views

Storage access permissions before initial unlock upon startup

How do Android devices (at least all the non-enterprise personal devices I remember owning) display the wallpaper (usually chosen from the 'downloads' folder) on the lock screen when it first is ...
Chris Riddle's user avatar
0 votes
1 answer
2k views

Is my Android phone camera hacked?

I suddenly see a strange thing when developing my Flutter application. My application that I'm developing is not asking for permissions, it does not need any permissions. But when I debug the app in ...
user2682025's user avatar
5 votes
1 answer
761 views

Is it possible to use WeChat (Weixin) more safely in recent versions of Android by using permissions?

I assume that anything written or read on WeChat is read by the government of the People's Republic of China. I understand the risks of that. However, I would like to understand the implications of ...
Matthew's user avatar
  • 162
64 votes
6 answers
11k views

Is 2FA via mobile phone still a good idea when phones are the most exposed device?

Everyone knows that two factors are better than one. My problem is that often the only second factor allowed is text messages sent to your mobile phone. This creates two concerns: I travel frequently ...
functionalparanoia's user avatar
2 votes
3 answers
3k views

Can an app access location services when I turn off location services?

An app I'm using requires me to grant it the permission to track my location, which I grant. But, if I manually toggle off the device's location service (for example in the settings or the drop down ...
Suimon's user avatar
  • 385
1 vote
2 answers
443 views

Doubt on Android permissions mapping with UIDs/GIDs

Reading the book: Android Security Internals I'm reading at Chapter 2 - Permission Management paragraph that permissions are assigned to application at install time by the packet manager with a ...
ela's user avatar
  • 125
0 votes
0 answers
110 views

can't find mapping of "android.permission.INTERNET" permission to famous methods which should use it

I was trying to evaluate effective permissions usage of an apk using axplorer mapping files. During evaluation I obtained an effective use of the android.permission.INTERNET permission equal to 0. ...
ela's user avatar
  • 125
12 votes
2 answers
395 views

Is there always a user notification when smartphones record audio?

Background: With microphones being embedded in all sorts of consumer electronics, there is widespread concern that certain actors (e.g. device manufacturers, ecosystem providers, third-party apps) ...
ayon's user avatar
  • 151
7 votes
1 answer
1k views

Why would a banking app require access to browsing history and information about apps running on the device?

I have a banking app installed, but when I tried to update it, it asked me for permissions to access browsing history and the information about apps running on the device. Why would a banking app ...
A J's user avatar
  • 175
1 vote
0 answers
485 views

Fake data stub for android authorisations

I'm annoyed by all the applications on my Android device that require access to media/camera/message/call etc, when they don't really need them. Is there a way to fake the autorisations? Like having ...
pwnsauce's user avatar
  • 111
4 votes
2 answers
3k views

Can APK's installed from unknown sources without special permission be considered safe?

If i choose to install downloaded APK files from unknown sources, can it log keystrokes or install malware without additional permissions? Currently users don't have to grant internet permissions ...
Dblend101's user avatar
0 votes
0 answers
366 views

Can Android malware cause any damage without any permissions?

Just as the title says. On Android 6 you can control pretty much every single permission you give to an app. So my question is, if i give no permissions(i.e. when the app doesn't ask for them), is ...
ShinobiUltra's user avatar
0 votes
1 answer
3k views

How to globally limit Bluetooth functionality on Android and iPhone

I recently got my parents a Bluetooth speaker, and they are very new to the smartphone arena. What I would like is to disable all of the Bluetooth functionality in their phones except for the ability ...
Rusty Lemur's user avatar
1 vote
2 answers
6k views

Why should we use checkCallingPermission instead of checkCallingOrSelfPermission in Android?

I scanned a project using Fortify and it says I should replace checkCallingOrSelfPermission method with checkCallingPermission. I could not figure out the security risk that ...
b4da's user avatar
  • 710
1 vote
2 answers
1k views

Does a malware in an android phone have permission to read/modify/delete data of all the apps?

If an android phone is infected with malware/virus, can it access all the apps with modify/delete/read permission? Isn't there any control by an app , say a bank app which can't allow to read data by ...
one's user avatar
  • 1,831
3 votes
2 answers
689 views

Why does the ProtonMail Android app require Identity permissions?

The ProtonMail Android app is supposed to be a privacy-centered alternative for data-mined email services such as Gmail, Yahoo, and Outlook. If this is truly the case, why does the Android app require ...
Fernandoa's user avatar
4 votes
1 answer
273 views

Android apps: required permissions reported before installing are misleading

I've noticed several Android apps that advertise different permission requirements than they actually get after they are installed. I'm on Android 5.0.2. To be more specific: I locate an app through ...
Neo Zen's user avatar
  • 43
0 votes
1 answer
193 views

Acquire new permission after installing an Android application

I would like to know if there is an attack that allows an installed Android application to acquire further permission that is not assigned initially during installation. I did some research and found ...
Nimpo's user avatar
  • 121
2 votes
2 answers
523 views

How can I secure the usage of root access on android, given that I have regular updates?

the situation: I use Android 5.1 I'm running the "rooted" variant of fairphone OS, which means that: I can enable Root access in the developer settings, i.e. I don't need to exploit my phone. ...
uuu's user avatar
  • 375
3 votes
3 answers
2k views

Does Java/Dalvik's Java Native Interface JNI make Android prone to better attacks?

Java has a feature named Java Native Interface (JNI), which allows to call native machine code function from inside the Java's bytecode. This feature allows effectively running machine native code ...
humanityANDpeace's user avatar
0 votes
0 answers
273 views

Facebook app permissions

According to an answer to this question : Bypass app permissions, I changed by curiosity the application permission of Facebook and Messenger for the camera to always ask. I'm using CyanogenMod 12.0. ...
Thanathan's user avatar
  • 782
5 votes
2 answers
356 views

Should Android apps for communication encryption and security require permissions like identity, device ID, contacts, etc.?

There is a Android application Threema for communication encryption and that says it does not collect user data, but it requires the following permissions: identity, contacts and device ID. Can ...
Mihai's user avatar
  • 153
1 vote
1 answer
176 views

Android Permissions and Explanations

I am doing some research on Android permissions and whether or not they could abuse data privacy. Does anyone have a good source on all updated Android permissions with a short explanation on what ...
jay-charles's user avatar
  • 1,229
5 votes
1 answer
378 views

Why do mobile operating systems not implement a way to deny permissions to an app?

Android and iOS (afaik) implement a relativly fine-grained permission schema for their apps. But as I user I only have the change to acceppt all or nothing. When I think about it, it shouldn't be a ...
rdmueller's user avatar
  • 2,783
1 vote
1 answer
726 views

App permissions to access hardware "at any time without your confirmation"

On Android applications now some applications say that they want access to things such as speaker or camera "at any time without your confirmation". I wasn't sure if this meant that it does not ...
user45195's user avatar
  • 137
12 votes
1 answer
341 views

Why does Android mix phone state with phone identity?

The "Phone State" permission on Android is widely requested by many apps. The explanation often given by the developer is that the app needs it in order to determine when you're on the phone, to stop ...
MichaelGG's user avatar
  • 390