[Q] Permissions and root access on latest My Verizon Mobile update?

Search This thread

danep2

New member
Jan 18, 2012
4
5
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
 

318sugarhill

Senior Member
Aug 31, 2010
813
223
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
 

cfish81

Member
May 26, 2013
19
8
lake forest
I'm glad you mentioned xprivacy I wasn't aware of that app. I don't like them being able to see through my camera either. Guessing it is a Xposed module? It asked me for root once the update was finished I granted it access automatically on accident realized that they site as heck don't need that kind of access to my device I got back into super Su and shut them off! I'm betting even denying it access doesn't matter I'm sure they'll still know we have root. Someone was saying maybe it was a accident from the dev but no way there up to something and it can't be good.
 

cbmggm

Senior Member
May 1, 2011
709
402
Scottsdale AZ
I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
 

Pixelation

Senior Member
Jan 14, 2012
559
103
Jersey
There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app

And again, we own our phones, and any entity breaking our privacy without our consent is worth an email to the B.B.B

:D

Sent from my SCH-I545 using Tapatalk
 
My Findings

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

This is the code I saw:
Code:
  private static String b()
  {
    String str = "YES";
    try
    {
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
      char[] arrayOfChar = new char[17];
      if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
        str = "NO";
      return str;
    }
    catch (Exception localException)
    {
    }
    return "NO";
  }

And then it sends that and some other info in to their web service... :mad:
 
  • Like
Reactions: garywojdan81

Top Liked Posts

  • There are no posts matching your filters.
  • 2
    The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

    But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

    I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

    There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
    1
    My Findings

    The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

    But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

    I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

    There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

    I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

    I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

    This is the code I saw:
    Code:
      private static String b()
      {
        String str = "YES";
        try
        {
          BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
          char[] arrayOfChar = new char[17];
          if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
            str = "NO";
          return str;
        }
        catch (Exception localException)
        {
        }
        return "NO";
      }

    And then it sends that and some other info in to their web service... :mad: