Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,738,867 Members 41,177 Now Online
XDA Developers Android and Mobile Development Forum

[Q] Permissions and root access on latest My Verizon Mobile update?

Tip us?
 
danep2
Old
#1  
Junior Member - OP
Thanks Meter 5
Posts: 4
Join Date: Jan 2012
Default [Q] Permissions and root access on latest My Verizon Mobile update?

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
The Following 2 Users Say Thank You to danep2 For This Useful Post: [ Click to Expand ]
 
318sugarhill
Old
#2  
Senior Member
Thanks Meter 127
Posts: 354
Join Date: Aug 2010
Quote:
Originally Posted by danep2 View Post
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
HTC Incredible (AMOLED) rooted S-off
HTC Rezound unlocked & rooted
Unlocked MDK Rooted Galaxy S4

If it ain't broke....fiddle with it to try to make it better.
 
cfish81
Old
#3  
Junior Member
Thanks Meter 7
Posts: 15
Join Date: May 2013
Location: lake forest
I'm glad you mentioned xprivacy I wasn't aware of that app. I don't like them being able to see through my camera either. Guessing it is a Xposed module? It asked me for root once the update was finished I granted it access automatically on accident realized that they site as heck don't need that kind of access to my device I got back into super Su and shut them off! I'm betting even denying it access doesn't matter I'm sure they'll still know we have root. Someone was saying maybe it was a accident from the dev but no way there up to something and it can't be good.
 
cbmggm
Old
#4  
Senior Member
Thanks Meter 268
Posts: 544
Join Date: May 2011
Location: Medinah IL
Quote:
Originally Posted by 318sugarhill View Post
I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
 
Pixelation
Old
#5  
Pixelation's Avatar
Senior Member
Thanks Meter 103
Posts: 559
Join Date: Jan 2012
Location: Jersey
Quote:
Originally Posted by cbmggm View Post
There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
And again, we own our phones, and any entity breaking our privacy without our consent is worth an email to the B.B.B



Sent from my SCH-I545 using Tapatalk

DROID DOES.....
Apple DID, like I can't remember
 
hexxellor
Old
#6  
Junior Member
Thanks Meter 1
Posts: 5
Join Date: Jun 2010
Default My Findings

Quote:
Originally Posted by danep2 View Post
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

This is the code I saw:
Code:
Select Code
  private static String b()
  {
    String str = "YES";
    try
    {
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
      char[] arrayOfChar = new char[17];
      if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
        str = "NO";
      return str;
    }
    catch (Exception localException)
    {
    }
    return "NO";
  }
And then it sends that and some other info in to their web service...
The Following User Says Thank You to hexxellor For This Useful Post: [ Click to Expand ]
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Browse the Internet with the Innovative Atlas Web Browser

For the most part, Chrome, Firefox, and Dolphin Browser have no real rivals among … more

Choose from Over a Thousand Battery Styles with 3Minit Battery Mod

The battery style in stock Android looks pretty dull. It doesn’t … more

Organize Your Cloud Storage Files with Unclouded

Cloud storage services like Dropbox or Google Drive have grown in popularity dramatically … more

XDA Xposed Tuesday: Blur Your System Notification Panel – XDA Developer TV

Listen, we love innovative applications and modules that … more