I got this notification on the notification bar that said,
Permission Requested
for account [email protected]
Click to expand...
Click to collapse
When you open it, you see the top section saying:
Android System
The listed applications are requesting permission to access the Google Calendar login credentials for account [email protected] from Google. Do you wish to grant this permission? If so, your answer will be remembered and you will not be prompted again.
Click to expand...
Click to collapse
The [email protected] is obviously replaced with my own gmail account.
Then there are two large buttons, Allow and Deny followed by a long list of applications, many of which I don't use nor want to allow.
It doesn't give you the ability to select which apps to allow, just all or none. There any way to undo this if I say allow and then deny the ones I don't? Seems rather strange way to ask for permission. Why bother if you can't select which ones you want.
krelvinaz said:
I got this notification on the notification bar that said,
When you open it, you see the top section saying:
The [email protected] is obviously replaced with my own gmail account.
Then there are two large buttons, Allow and Deny followed by a long list of applications, many of which I don't use nor want to allow.
It doesn't give you the ability to select which apps to allow, just all or none. There any way to undo this if I say allow and then deny the ones I don't? Seems rather strange way to ask for permission. Why bother if you can't select which ones you want.
Click to expand...
Click to collapse
I have an Evo 4G and was prompted with the same thing. I am tempted to click Deny. Some of the apps have no business getting to Google Calendar.
Anyone have insight into what this is about? Why would this appear?
I got the same request this morning on my Sprint Hero with rooted 2.1. I did click Deny, because there were applications on the list that I don't want to grant calendar access to. The notification always comes back within a few minutes.
Related
Here's an interesting occurrence. A family member recently accidentally clicked on an advertisement posing as a facebook-esque message indicator. They mistook it for a valid part of the site, and it took them to the porn site "MFUN2U". The site then proceeded to trigger a download of "HotBabe_adm_~.apk" every few seconds. Apparently it was intended that the user click the download message (either accidentally or to see what it is), and hopefully be naive enough to click through the market install screen that would result.
So just a public service announcement to everyone; make sure you keep "Install from unknown sources" OFF whenever you are not actively using it, and watch what you click. Careful not to fall for banners claiming "You have a new message from a friend" or other similar phrases. And if you find yourself at a bad website, you can quickly close it by going into the "Windows" screen from the browser menu.
To those with root, be sure to pay attention to what programs you give access to.
And remember, no operation system that allows users to install programs is "virus proof". Android does not understand the intents of programs beyond its simple permissions, nor can it detect if a program is "good" or "bad". If you install a program that can read your text messages and access the internet, than it can freely do both things, even if it decides to send your texts to a third party site. It already has your consent; you agreed to the permissions when installing it.
For more info, the advertisement was served by AdMob on DeviantArt. The APK package was "com.firstlogix.streammedia.HotBabe", and had the permissions SEND_SMS, INTERNET, and ACCESS_NETWORK_STATE.
Are you sure it's malware and just not some random app that shows pr0n?
Either way, good looking out. Malware or not, I obviously don't want it on my phone.
Should an app to display pictures need to send SMS messages? It might not be, but considering the nature of "delivery", it certainly had bad intentions.
By malware, I don't mean trojans or anything of that nature. Consider that a program with those permissions could retrieve a list of phone numbers and messages from the internet and start sending them from your phone. Could be part of a bot net to send advertisements to others, or subscribe you to payed daily text messages.
At any rate, android has now become large enough to be targeted by things like this.
RoboPhred said:
Should an app to display pictures need to send SMS messages? It might not be, but considering the nature of "delivery", it certainly had bad intentions.
By malware, I don't mean trojans or anything of that nature. Consider that a program with those permissions could retrieve a list of phone numbers and messages from the internet and start sending them from your phone. Could be part of a bot net to send advertisements to others, or subscribe you to payed daily text messages.
At any rate, android has now become large enough to be targeted by things like this.
Click to expand...
Click to collapse
True, true. I'm just thinking to openly about it, lol. Way I look at it: MANY apps need control over things you wouldn't think they would need control over. Seeing as how it's delivered, as you said, certainly implies it's up to no good..
RoboPhred said:
Should an app to display pictures need to send SMS messages? It might not be, but considering the nature of "delivery", it certainly had bad intentions.
By malware, I don't mean trojans or anything of that nature. Consider that a program with those permissions could retrieve a list of phone numbers and messages from the internet and start sending them from your phone. Could be part of a bot net to send advertisements to others, or subscribe you to payed daily text messages.
At any rate, android has now become large enough to be targeted by things like this.
Click to expand...
Click to collapse
Yes, if it's a program that allows pictures to be shared by sms.
amazinglarry311 said:
Yes, if it's a program that allows pictures to be shared by sms.
Click to expand...
Click to collapse
You're way off subject, bro. Read all 3 posts first, not just the second to last.
I've said it before, and I'll say it again... Android's security system needs to offer the user the ability to selectively DENY a program the permissions that it requests.
Note however; this does not imply a virus.
In fact, android is more or less impervious to virii. A windoze virus works because it has ROOT PERMISSION -- does whatever it wants. A linux process is limited to the permissions given to that specific user -- this even applies to a VIRUS process.
In android, EACH APPLICATION (except for shared apps, but they need to be signed by the same key for this to work) has its very own user, so any one application can ONLY access ITS OWN files and that data (not files) specifically authorized based on the requested/granted permissions.
Also note: The access that an application gets from pulling data through the permissions is very limited -- it has to request data in certain specifically configured data sets, and the system responds in a very restricted way to those.
This particular application mentioned can access the internet, read network state (i.e. connected/disconnected), and SEND sms. It can NOT read contact list, and thus cannot spam your contacts. It cannot barf up your system. If you erase it, its gone without a trace.
The WORST it can do is send a billion SMS messages and/or basically hand over your phone number to phone-spammers (i.e. via callerid from the sms).
And contrary to what was said above, the permissions requested are a GREAT way to determine if a program is safe/sensible. If the program does not need the permission but still asks for it, you need to ask yourself WHY it would be asking for it... and IF that program REALLY DOESN'T need the permission, then it is one of two reasons: either the developer is a retard and asked for blanket permissions, or the developer has nefarious intentions. Either reason means that you don't want to install that application (or would, in the least, demand that the permissions be restricted to something more sensible).
If a program doesn't appear to need the permission, then it DOESN'T. Simple as that.
This program is not a virus. That doesn't mean that this program is a good program or is entirely benevolent.
"Virus" has come to be a blanket term now, rather than just something that just spreads itself around. Most would consider a trojan to be a virus, despite the fact that they are usually targeted and traditionally don't send themselves to others. Programs don't need root access to behave in ways you don't want them to. Ask anyone to describe "a program that sends text messages from your phone to spammer companies so they can get your phone number", and they probably would choose "virus".
At any rate, no one ever made the claim that the program was a virus in the traditional sense, just malware. Android certainly has very effective security features, and an apk can't take over the phone (without root permission anyway), but thats little consolation when you have to get a new phone number.
I feel I need to step back and say that this wasn't intended to be reactionary (nor are people treating it as such, but its getting close). This is just a general alert to remind people to pay attention to what they do with their devices, and to be suspicious of any unexplained downloads or other events.
In many application downloaded from market, like anysoftkeyboard, there is a popup warning window that says "the application may be able to collect all the text you type... passwords, credit cards numbers(!!!) etc.". The preinstalled applications on a device do the same? Finaly is the android applicable for secure usage in everyday transactions like online shopping or internet banking?
sinnaiy said:
In many application downloaded from market, like anysoftkeyboard, there is a popup warning window that says "the application may be able to collect all the text you type... passwords, credit cards numbers(!!!) etc.". The preinstalled applications on a device do the same? Finaly is the android applicable for secure usage in everyday transactions like online shopping or internet banking?
Click to expand...
Click to collapse
Not 100% sure as I didn't write the apps, but as far as I know, it doesn't actually "collect" your passwords and credit card numbers in the sense of stealing it...but rather certain keyboards allow you to add custom words into the dictionary. For example, if you were to write "ROFL," this obviously wouldn't be in the dictionary. If you choose to add this word to the dictionary, the keyboard will effectively collect (store) the word. So, as you see, the keyboard only "remembers" the words, with your approval, to make typing easier for you in the future.
Keyboard could collect key data, but they need internet access to send them to other people. So if the keyboard doesn't has got full internet access you're safe. (Unless it saves data to SD and another app sends that file to server, but most keyboard doesn't has got SD-card write access)
fifarunnerr said:
Keyboard could collect key data, but they need internet access to send them to other people. So if the keyboard doesn't has got full internet access you're safe. (Unless it saves data to SD and another app sends that file to server, but most keyboard doesn't has got SD-card write access)
Click to expand...
Click to collapse
In a perfect world this would be true but there are a few eploitable holes to pass that data to the internet.
Just because an app doesnt have the INTERNET permission does not mean it cant send out certain data.
Some of the exploits are known but I'm not going to go into detail about them. Just be sure you trust they keyboard people before installing their keyboard.
I think you don't have to be afraid as long as you use the stock keyboard. If you use an other one check what was said in tue prevoius posts. And don't forget, Google doesn't checks the apps, this message is shown for every keyboard to let you know the risks
Sent from my GT-I5700 using XDA Premium App
It worrys me when I try to install a new app, only to see a long list of permissions its requesting. Why would a simple game require it access my call logs, phone number etc...
Is there anything built into custom roms that prevents this private data being sent out? Can these apps really pull your info such as your whole contact list and call history?
I just installed an app called LBE privacy guard, and even Launcher Pro is trying to access my call logs and sms messages. Ive set most all apps to restricted on it and my security log is full of downloaded apps trying to access my info.
redspeed said:
It worrys me when I try to install a new app, only to see a long list of permissions its requesting. Why would a simple game require it access my call logs, phone number etc...
Is there anything built into custom roms that prevents this private data being sent out? Can these apps really pull your info such as your whole contact list and call history?
I just installed an app called LBE privacy guard, and even Launcher Pro is trying to access my call logs and sms messages. Ive set most all apps to restricted on it and my security log is full of downloaded apps trying to access my info.
Click to expand...
Click to collapse
CM7 allows for the ability to restrict permissions for specific applications(not finished yet), but that's the only one.
FWIW, Launcher Pro requests those permissions to do little "pop ups" on the dock for missed calls and text messages.
Decad3nce said:
FWIW, Launcher Pro requests those permissions to do little "pop ups" on the dock for missed calls and text messages.
Click to expand...
Click to collapse
That makes me feel a little bit better at least. Thought Launcher Pro was betraying me by stealing my info
When an app requests permissions like read contact data- does it actually have the ability to go through my private contact list and send back the names and phone numbers to their server?
I've always thought it funny that people who worry about data security will install a ROM built by a semi-anonymous chef. At least when you deal with Samsung and Sprint you know who has to answer for any problems. With a cooked ROM, who knows what could be in there?
I don't know what they would want to do with anyone's contacts but like posted above most apps use notification features even though some don't use the feature that often it is still available I trust that Google's os has certain inalienable features to keep app in check and make sure data is safe..... I haven't heard of anyone being killed or follwed because location data was sent to a corporation .... now calleriq is something to be requined with...
No one show the OP what carrieriq is ...lol
Sent from my SPH-D700
poit said:
I've always thought it funny that people who worry about data security will install a ROM built by a semi-anonymous chef. At least when you deal with Samsung and Sprint you know who has to answer for any problems. With a cooked ROM, who knows what could be in there?
Click to expand...
Click to collapse
I believe moderators examine Roms for that sort of thing. Also, if it was found out that someone was doing that, there would be some major problems.
As title says and pic shows
Never seen before, Iam on stock rom with no mods or tweaks!
N9005 KK NC2
thermax04 said:
As title says and pic shows
Click to expand...
Click to collapse
If I'm not mistaken, if you click/touch those it will delete that whole message history.
No, tried now , clicking this x sign just open the messages thread
And pushing it just open the same 3 menu options to delete or view contact or add to spam, which shows when u push on other message without this x sign
thermax04 said:
No, tried now , clicking this x sign just open the messages thread
And pushing it just open the same 3 menu options to delete or view contact or add to spam, which shows when u push on other message without this x sign
Click to expand...
Click to collapse
I believe it is related to the Gmail status - check if the contact contains a gmail account.
I get green orbs and yellow orbs there usually, but idk about your theme applied it could have changed it.
The screenshot is a custom ROM. That is not Stock.
I know that one of these names has gmail account but don't know about the other one, but still this never seen before, so why now?!
this screen shot from my phone, and it is stock rom, it is themed and rooted only but still stock
I thought it was related to your contacts Google account and if they are available for Google chat or similar. Test it out with one of the contacts
it COULD be related to one or more of your messages in that thread not being sent. I've seen something similar to that if I try to send a message when i don't have service, usually i've had to open that message thread and manually resend the failed message.
The strnage thing is: I did a soft reboot and the x sign disappeared!!!
soft boots prompt the phone to reconnect to the network, in which case the messages that weren't sent before might have finally gotten sent now. So your friends might have gotten some late texts from you
No, I checked with both of them before, and both confirmed that they got the message in time!!!!, and i received already the delivery confirmation message before
So I'm trying to allow permissions in Marshmallow, but it doesn't matter which setting is active. Example: in the Facebook messaging app, I try to post a picture on a group chat. It says I need to active a permission to allow it. I proceed to allow it, but then it says I need to allow draw over other apps. So I go to settings, and click on the toggle to turn it on and then go back to the app. When I go to allow the permission again, it says the same thing and that I need to toggle the permission to draw over other apps. No matter if the toggle is on or off it says the same thing. Am I missing something?