MultiROM Once Again Available for the Galaxy S4

Multiboot, or the ability to select betweenmultiple operating systems on a single device at … more

Build an Impractical But Awesome Lego Mindstorm Dock

The vast majority of what we cover here on the XDA-Developers News Portal relates to … more

MultiROM Makes its Way Over to the HTC One (M8)

While browsing our forum, you will undoubtedly find more than a few enticing ROMs available … more

Welcome to the New XDA-Developers Portal!

You may recall that a few weeks ago, we opened up the XDA-2015 forum themesto intrepid users … more
Post Reply

Can Virus Rewrite Permissions?

16th January 2014, 08:42 PM   |  #1  
OP Account currently disabled
Thanks Meter: 1
 
34 posts
Join Date:Joined: Jan 2014
Can virus disguised in some apps rewrite permissions to allow them access to personal data?
The Following User Says Thank You to derod For This Useful Post: [ View ]
18th January 2014, 11:38 PM   |  #2  
Irwenzhao's Avatar
Senior Member
Flag Singapore
Thanks Meter: 255
 
799 posts
Join Date:Joined: Nov 2013
More
Quote:
Originally Posted by derod

Can virus disguised in some apps rewrite permissions to allow them access to personal data?

Don't think they can unless they have root permissions, which the user have to allow/deny (unless the user sets the SuperSU to auto allow, which is stupid)

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA
19th January 2014, 07:40 AM   |  #3  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 7,867
 
3,822 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by derod

Can virus disguised in some apps rewrite permissions to allow them access to personal data?

Any application that can gain root privileges can "rewrite" permissions, or give apps permissions they were previously denied. Given if an app can escalate that far, they dont need more permissions.

Second option would be a silent install vulnerability, allowing another app to sideload a new one. Look at my LGInstallServices vulnerability as a prime example.

Quote:
Originally Posted by Irwenzhao

Don't think they can unless they have root permissions, which the user have to allow/deny (unless the user sets the SuperSU to auto allow, which is stupid)

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA

This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.
The Following User Says Thank You to jcase For This Useful Post: [ View ]
19th January 2014, 10:24 AM   |  #4  
Irwenzhao's Avatar
Senior Member
Flag Singapore
Thanks Meter: 255
 
799 posts
Join Date:Joined: Nov 2013
More
Quote:
Originally Posted by jcase

Any application that can gain root privileges can "rewrite" permissions, or give apps permissions they were previously denied. Given if an app can escalate that far, they dont need more permissions.

Second option would be a silent install vulnerability, allowing another app to sideload a new one. Look at my LGInstallServices vulnerability as a prime example.



This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.

Sorry for wrong information, and thanks @jcase for the right info.

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA
19th January 2014, 02:04 PM   |  #5  
OP Account currently disabled
Thanks Meter: 1
 
34 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by jcase


This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.

Youre saying that as long as youre rooted that apps wont be affected by virus?
19th January 2014, 02:08 PM   |  #6  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 7,867
 
3,822 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by derod

Youre saying that as long as youre rooted that apps wont be affected by virus?

Where did I say that? No not at all. Rooting decreases the security of the device.
20th January 2014, 02:26 AM   |  #7  
OP Account currently disabled
Thanks Meter: 1
 
34 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by jcase

Where did I say that? No not at all. Rooting decreases the security of the device.

Thats what we thought you said.
20th January 2014, 02:48 AM   |  #8  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 7,867
 
3,822 posts
Join Date:Joined: Feb 2010
Donate to Me
More
Quote:
Originally Posted by Irwenzhao

Sorry for wrong information, and thanks @jcase for the right info.

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA


No worries man, if you see me with wrong info please call it out.
24th January 2014, 12:09 PM   |  #9  
Junior Member
Thanks Meter: 0
 
4 posts
Join Date:Joined: Jan 2014
Are you sure that the app would need root? I don't need root with CM to change app-permissions.
24th January 2014, 03:55 PM   |  #10  
OP Account currently disabled
Thanks Meter: 1
 
34 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by wk3054

Are you sure that the app would need root? I don't need root with CM to change app-permissions.

Thats odd I thought that you would need it.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Security Discussion by ThreadRank