Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,785,512 Members 41,588 Now Online
XDA Developers Android and Mobile Development Forum

Can Virus Rewrite Permissions?

Tip us?
 
derod
Old
#1  
Account currently disabled - OP
Thanks Meter 1
Posts: 34
Join Date: Jan 2014
Default Can Virus Rewrite Permissions?

Can virus disguised in some apps rewrite permissions to allow them access to personal data?
The Following User Says Thank You to derod For This Useful Post: [ Click to Expand ]
 
Irwenzhao
Old
#2  
Irwenzhao's Avatar
Senior Member
Thanks Meter 254
Posts: 798
Join Date: Nov 2013
Location: Singapore
Quote:
Originally Posted by derod View Post
Can virus disguised in some apps rewrite permissions to allow them access to personal data?
Don't think they can unless they have root permissions, which the user have to allow/deny (unless the user sets the SuperSU to auto allow, which is stupid)

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA
N7105 rocking AOSB with AGNi kernel
Click "Thanks" if I was of any help!
 
jcase
Old
#3  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 7,209
Posts: 3,627
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Quote:
Originally Posted by derod View Post
Can virus disguised in some apps rewrite permissions to allow them access to personal data?
Any application that can gain root privileges can "rewrite" permissions, or give apps permissions they were previously denied. Given if an app can escalate that far, they dont need more permissions.

Second option would be a silent install vulnerability, allowing another app to sideload a new one. Look at my LGInstallServices vulnerability as a prime example.

Quote:
Originally Posted by Irwenzhao View Post
Don't think they can unless they have root permissions, which the user have to allow/deny (unless the user sets the SuperSU to auto allow, which is stupid)

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA
This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following User Says Thank You to jcase For This Useful Post: [ Click to Expand ]
 
Irwenzhao
Old
#4  
Irwenzhao's Avatar
Senior Member
Thanks Meter 254
Posts: 798
Join Date: Nov 2013
Location: Singapore
Quote:
Originally Posted by jcase View Post
Any application that can gain root privileges can "rewrite" permissions, or give apps permissions they were previously denied. Given if an app can escalate that far, they dont need more permissions.

Second option would be a silent install vulnerability, allowing another app to sideload a new one. Look at my LGInstallServices vulnerability as a prime example.



This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.
Sorry for wrong information, and thanks @jcase for the right info.

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA
N7105 rocking AOSB with AGNi kernel
Click "Thanks" if I was of any help!
 
derod
Old
#5  
Account currently disabled - OP
Thanks Meter 1
Posts: 34
Join Date: Jan 2014
Quote:
Originally Posted by jcase View Post

This is incorrect, superuser/supersu would only impact applications using the associated su binary to gain root. it would have no impact on applications gaining root through another route.
Youre saying that as long as youre rooted that apps wont be affected by virus?
 
jcase
Old
#6  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 7,209
Posts: 3,627
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Quote:
Originally Posted by derod View Post
Youre saying that as long as youre rooted that apps wont be affected by virus?
Where did I say that? No not at all. Rooting decreases the security of the device.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
derod
Old
#7  
Account currently disabled - OP
Thanks Meter 1
Posts: 34
Join Date: Jan 2014
Quote:
Originally Posted by jcase View Post
Where did I say that? No not at all. Rooting decreases the security of the device.
Thats what we thought you said.
 
jcase
Old
#8  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 7,209
Posts: 3,627
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Quote:
Originally Posted by Irwenzhao View Post
Sorry for wrong information, and thanks @jcase for the right info.

Smack that Thanks button if I helped!
XDAing from a N7105 powered by Illusion ROM.
Sent from a small country called Singapore.
P.S. Time for school, not much time for XDA

No worries man, if you see me with wrong info please call it out.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
wk3054
Old
#9  
Junior Member
Thanks Meter 0
Posts: 4
Join Date: Jan 2014
Are you sure that the app would need root? I don't need root with CM to change app-permissions.
 
derod
Old
#10  
Account currently disabled - OP
Thanks Meter 1
Posts: 34
Join Date: Jan 2014
Quote:
Originally Posted by wk3054 View Post
Are you sure that the app would need root? I don't need root with CM to change app-permissions.
Thats odd I thought that you would need it.

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes