Early Lollipop Ports for Micromax A116 and A117

It feels like it was only yesterday when Google announced the mysterious Android L.After … more

Now Gesture Tweaks Replaces Google Now with Custom Action

On most modern Android devices with software navigation keys, swiping up from the … more

ToqAN Fixes Android 5.0 Notification Bug on Qualcomm Toq

The Qualcomm Toq is probably one of the lesser known smartwatches on the market … more

How to Root and Unlock the Google Nexus 6 on a Mac – XDA TV

In the past, XDA Developer TV Producer droidmodd3rx has shown you how to … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[Q] Permissions and root access on latest My Verizon Mobile update?

OP danep2

9th April 2014, 01:40 AM   |  #1  
OP Junior Member
Thanks Meter: 5
 
4 posts
Join Date:Joined: Jan 2012
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
The Following 2 Users Say Thank You to danep2 For This Useful Post: [ View ]
9th April 2014, 02:00 AM   |  #2  
Senior Member
Thanks Meter: 152
 
443 posts
Join Date:Joined: Aug 2010
More
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app
10th April 2014, 03:50 AM   |  #3  
Junior Member
Flag lake forest
Thanks Meter: 7
 
15 posts
Join Date:Joined: May 2013
More
I'm glad you mentioned xprivacy I wasn't aware of that app. I don't like them being able to see through my camera either. Guessing it is a Xposed module? It asked me for root once the update was finished I granted it access automatically on accident realized that they site as heck don't need that kind of access to my device I got back into super Su and shut them off! I'm betting even denying it access doesn't matter I'm sure they'll still know we have root. Someone was saying maybe it was a accident from the dev but no way there up to something and it can't be good.
10th April 2014, 05:15 AM   |  #4  
Senior Member
Flag Scottsdale AZ
Thanks Meter: 308
 
589 posts
Join Date:Joined: May 2011
More
Quote:
Originally Posted by 318sugarhill

I got the same thing. Ir requested root and I said WHOAAAAA. NO WAY

It raised a red flag with me. Even if it's not suspicious.....verizon does not need root access on my device with that app

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app
10th April 2014, 05:43 AM   |  #5  
Pixelation's Avatar
Senior Member
Flag Jersey
Thanks Meter: 103
 
559 posts
Join Date:Joined: Jan 2012
More
Quote:
Originally Posted by cbmggm

There was "Breaking News" across a bunch of Forums. On the minimum side VZW can identify "rooted" phones. Uninstall and access your account the old fashioned way; via Internet Browser.

Sent from my SCH-I545 using xda app-developers app

And again, we own our phones, and any entity breaking our privacy without our consent is worth an email to the B.B.B



Sent from my SCH-I545 using Tapatalk
10th April 2014, 07:54 AM   |  #6  
Junior Member
Thanks Meter: 2
 
7 posts
Join Date:Joined: Jun 2010
More
My Findings
Quote:
Originally Posted by danep2

The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.

But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.

I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?

There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.

I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.

I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.

This is the code I saw:
Code:
  private static String b()
  {
    String str = "YES";
    try
    {
      BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
      char[] arrayOfChar = new char[17];
      if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
        str = "NO";
      return str;
    }
    catch (Exception localException)
    {
    }
    return "NO";
  }
And then it sends that and some other info in to their web service...
The Following User Says Thank You to hexxellor For This Useful Post: [ View ]
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes