Originally Posted by danep2
The My Verizon Mobile app was updated in the last day or two. I only noticed because it now needs camera control permissions, which seems really bizarre and a bit spooky to me. But whatever, I can use xprivacy to stop that.
But after making a phone call, the app is also requesting root privileges from SuperSU! That seems terribly sketchy. I've frozen the app with Titanium Backup for now.
I'm not normally a paranoid guy, but this makes me awfully suspicious. Any ideas what's going on here?
There are numerous reviews on the Play store noting these things, and no explanation from Verizon. I have to wonder if they or Google were compromised by heartbleed, and if this could be something malicious.
I was worried too so I decompiled the binary and it didn't appear to attempt to do anything with that root access other than a simple command which essentially verified if the phone was rooted or not, but what it DID do, was then add what it found to a JSON request and sends it to Verizon letting them know your phone is rooted.
I'm no expert so I may have missed something, but that's what I found. The problem is that even if they do nothing with it now, what about on future updates? No way I'm keeping that around.
This is the code I saw:
private static String b()
String str = "YES";
BufferedReader localBufferedReader = new BufferedReader(new InputStreamReader(Runtime.getRuntime().exec("su -c ls").getErrorStream()));
char arrayOfChar = new char;
if ((localBufferedReader.read(arrayOfChar) == arrayOfChar.length) && (new String(arrayOfChar, 0, arrayOfChar.length).trim().equalsIgnoreCase("permission denied")))
str = "NO";
catch (Exception localException)
And then it sends that and some other info in to their web service...