Microsoft to Counter “OK Google” with Bing Torque

When Microsoft is making apps for Android, users should be aware that something … more

Google Confirms “Android Lollipop Day” for November 3rd

A little over a week ago, Google announced the latest iteration of … more

Get Your XDA 2015 Custom Avatar and Signature Images Here

As stated in our motto, XDA Developer is for developers, by developers. The … more

Pin Your Photos on Android Lollipop with Photo Pinner

In the last few weeks,we have been talking quite a bit about Android 5.0 Lollipop. This … more
Post Reply

[Q] Permissions and root access on latest My Verizon Mobile update?

OP danep2

9th April 2014, 12:40 AM   |  #1  
OP Junior Member
Thanks Meter: 5
 
4 posts
Join Date:Joined: Jan 2012
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
The Following 2 Users Say Thank You to danep2 For This Useful Post: [ View ]
9th April 2014, 01:00 AM   |  #2  
Senior Member
Thanks Meter: 135
 
395 posts
Join Date:Joined: Aug 2010
More
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
10th April 2014, 02:50 AM   |  #3  
Junior Member
Flag lake forest
Thanks Meter: 7
 
15 posts
Join Date:Joined: May 2013
More
I'm glad you mentioned xprivacy I wasn't aware of that app. I don't like them being able to see through my camera either. Guessing it is a Xposed module? It asked me for root once the update was finished I granted it access automatically on accident realized that they site as heck don't need that kind of access to my device I got back into super Su and shut them off! I'm betting even denying it access doesn't matter I'm sure they'll still know we have root. Someone was saying maybe it was a accident from the dev but no way there up to something and it can't be good.
10th April 2014, 04:15 AM   |  #4  
Senior Member
Flag Scottsdale AZ
Thanks Meter: 274
 
552 posts
Join Date:Joined: May 2011
More
Quote:
Originally Posted by 318sugarhill

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
10th April 2014, 04:43 AM   |  #5  
Pixelation's Avatar
Senior Member
Flag Jersey
Thanks Meter: 103
 
559 posts
Join Date:Joined: Jan 2012
More
Quote:
Originally Posted by cbmggm

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app

And again, we own our phones, and any entity breaking our privacy without our consent is worth an email to the B.B.B



Sent from my SCH-I545 using Tapatalk
10th April 2014, 06:54 AM   |  #6  
Junior Member
Thanks Meter: 1
 
5 posts
Join Date:Joined: Jun 2010
More
My Findings
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

This is the code I saw:
Code:
  private static String b()
  {
    String str = "YES";
    try
    {
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
      char[] arrayOfChar = new char[17];
      if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
        str = "NO";
      return str;
    }
    catch (Exception localException)
    {
    }
    return "NO";
  }
And then it sends that and some other info in to their web service...
The Following User Says Thank You to hexxellor For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


Top Threads in Verizon Samsung Galaxy S 4 Q&A, Help & Troubleshooting by ThreadRank