Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,728,048 Members 46,477 Now Online
XDA Developers Android and Mobile Development Forum

Privacy concerns about AOKP - Best alternative of Cyanogenmod, AOKP, Replica, etc?

Tip us?
 
maccc
Old
(Last edited by maccc; 14th February 2014 at 08:09 PM.) Reason: typo
#1  
Junior Member - OP
Thanks Meter 0
Posts: 7
Join Date: Feb 2013
Database Privacy concerns about AOKP - Best alternative of Cyanogenmod, AOKP, Replica, etc?

I currently have AOKP (Maclaw) installed on my Samsung Galaxy SIII Mini, but as I was looking through the apps, there was one particular app that got me slightly concerned. It´s called Panda and when I click it, the only option I have is to "Enable Energy Save Mode", yet that utterly simple app has FULL access to the entire phone.

Firstly with Panda, you do not have the option to uninstall it the easy way, so a noob is forced to have it there.
If you try to forcibly stop Panda in the app manager, it will restart itself automatically.

Further more - Panda have the perrmissions to

- directly call phone numbers
read phone status and identity

- read your text messages (SMS or MMS)
send MMS messages

- take pictures and photos

- record audio

- approximate location (network-based)
precise location (GPS and network-based)

- modify your contacts
read your contacts

- read your own contact card

- modify or delete the contents of your SD card

- disable your screen lock

- set an alarm

- read Google service configuration
use accounts on the device
view configured accounts

- read terms you added to the dictionary

- change system display settings
modify secure system settings
retrieve system internal status

- change network connectivity
change WiMaX state
connect and disconnect from Wi-Fi
connect and disconnect from WiMaX
control Near-Field Communication
full network access
view network connections
view Wi-Fi connections

- access Bluetooth settings
pair with Bluetooth devices

- re-order running apps
retrieve running apps
run at startup

- draw over other apps

- control vibration
prevent phone from sleeping

- add words to user-defined dictionary

- change your audio settings

. read sync settings
read sync statistics
toggle sync on and off

- expand / collaps status bar

- modify system settings
read battery statistics
read Home settings and shortcuts
test access and protected storage
write Home settings and shortcuts

- full permissions to all device features and storage

- Set global theme


..meaning I guess that this Panda app has full administrator/root permissions.. - ..but why?

Why does a seemingly useless application like Panda have root permissions, which in turn also makes it fairly difficult to remove? What is the application Panda´s true purpose? Why is it there in the first place? What does it do, exactly?

My concerns with these alternative smartphone operating systems is that there might be an Ubuntu/Debian scenario, where Debian is a nice clean OS giving you the very basics and letting you choose whatever extra you want from there, whereas Ubuntu comes with a lot of extra stuff that you do not really need and / or should be given the ability to choose if you wanted to install or not, upon install.

So, I guess my question to the experienced, security- and privacy-oriented smartphone-OS user is:

What is the best alternative smartphone OS that gives you a simple OS without anything extra such as that suspicious Panda app?

In other words, which smartphone alternative out there today can be trusted the most to respect my privacy? I would of course look into Firefox OS if it was available.

Am I being overly paranoid about AOKP? Should I just keep that, or perhaps Cyanogenmod is the way to go? Or perhaps I am missing an even better solution?


Thanks.
 
GXGOW
Old
#2  
GXGOW's Avatar
Senior Member
Thanks Meter 140
Posts: 526
Join Date: Apr 2012
Location: /storage/sdcard1/Europe/Belgium/East-Flanders/Hamme
You know you can easily disable those permissions with app ops, do you?

Sent from my GT-I8190 MaclawStudio CM 11 using Tapatalk
 
maccc
Old
#3  
Junior Member - OP
Thanks Meter 0
Posts: 7
Join Date: Feb 2013
Quote:
Originally Posted by GXGOW View Post
You know you can easily disable those permissions with app ops, do you?

Sent from my GT-I8190 MaclawStudio CM 11 using Tapatalk
Not with the Panda application you cant, and thats using the original App Ops with 4.3 support.
If you access App Ops to edit permissions for Panda, you arent given a single permission to alter.

The App Ops I am using works just fine with other applications, and I can easily alter permissions - but with Panda, not so--I cannot edit a single permission of Panda´ s, and yet that application has full access to my entire phone.

Panda is an application that seems to come by default with the MacLaw releases, at least on AOKP - I havent tested their Cyanogenmod release yet.

That Panda bear logo of this particular Panda app that I am talking about is the same Panda depicted on http://maclaw.pl - so it kinda begs to question - why is there an application like that with the AOKP MacLaw releases in the first place? Does that app gather information? Can it be accessed remotely? What exactly does it do?

The Panda "Teddy" logo:
 
Veeshush
Old
#4  
Veeshush's Avatar
Member
Thanks Meter 5
Posts: 31
Join Date: Feb 2014
You could upload the app to VirusTotal and if nothing is picking it up then send it to a AV provider that you like as a suspicious file and they'll check it over.

Or upload it and post the link here and I'm sure someone who knows far more than I do) could look it over.
 
GXGOW
Old
#5  
GXGOW's Avatar
Senior Member
Thanks Meter 140
Posts: 526
Join Date: Apr 2012
Location: /storage/sdcard1/Europe/Belgium/East-Flanders/Hamme
You could also just ask him yourself, but I don't think he'll be collecting your personal information. The only thing that app does, is turning off one CPU core and setting the governor to OnDemand. That's all I know.
 
jcase
Old
#6  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor
Thanks Meter 6726
Posts: 3,544
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
PSA root apps, or mods to the system don't really need to declare permissions, they can obtain the same functionality other routes. Don't judge the safety of an app just based on it's permissions.
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


TRENDING IN THEMER...