FORUMS

Which Lockscreen Security Type Do You Use?

From pattern locks to the controversial face unlock, there are a number of different ways you … more

Xposed 3.0 Alpha 3 Released

A new alpha for the Xposed framework is out and brings several bug fixes. You’ll only need to flash … more

XDA Recap: This Week In Android (Apr 18 – 25)

Here in the digital XDA newsroom, we spend our days pouring over an average of … more

Sunday Debate: Custom ROMs vs. Modular Tweaks

Join us in a fun Sunday Debate on Mods and ROMs. Come with your opinions and feel free to … more
Post Reply Subscribe to Thread Email Thread

[Q] Permissions and root access on latest My Verizon Mobile update?

9th April 2014, 12:40 AM |#1  
OP Junior Member
Thanks Meter: 5
 
More
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
The Following 2 Users Say Thank You to danep2 For This Useful Post: [ View ]
 
 
9th April 2014, 01:00 AM |#2  
Senior Member
Thanks Meter: 154
 
More
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
10th April 2014, 02:50 AM |#3  
Junior Member
Flag lake forest
Thanks Meter: 7
 
More
I'm glad you mentioned xprivacy I wasn't aware of that app. I don't like them being able to see through my camera either. Guessing it is a Xposed module? It asked me for root once the update was finished I granted it access automatically on accident realized that they site as heck don't need that kind of access to my device I got back into super Su and shut them off! I'm betting even denying it access doesn't matter I'm sure they'll still know we have root. Someone was saying maybe it was a accident from the dev but no way there up to something and it can't be good.
10th April 2014, 04:15 AM |#4  
Senior Member
Flag Scottsdale AZ
Thanks Meter: 339
 
More
Quote:
Originally Posted by 318sugarhill

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
10th April 2014, 04:43 AM |#5  
Pixelation's Avatar
Senior Member
Flag Jersey
Thanks Meter: 103
 
More
Quote:
Originally Posted by cbmggm

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app

And again, we own our phones, and any entity breaking our privacy without our consent is worth an email to the B.B.B



Sent from my SCH-I545 using Tapatalk
10th April 2014, 06:54 AM |#6  
Junior Member
Thanks Meter: 2
 
More
My Findings
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

This is the code I saw:
Code:
  private static String b()
  {
    String str = "YES";
    try
    {
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
      char[] arrayOfChar = new char[17];
      if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
        str = "NO";
      return str;
    }
    catch (Exception localException)
    {
    }
    return "NO";
  }
And then it sends that and some other info in to their web service...
The Following User Says Thank You to hexxellor For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes