Hi,
Today I found this document on the german website www.heise.de
This document is a threat analysis of the Android Market.
On page 9 is an overview how many apps have which permissions and there are 9 apps that can brick your phone!!
Does anybody know such an app which can brick the phone?
You should read this: http://www.zdnet.com/blog/burnette/cnet-retracts-article-on-android-app-privacy-threat/1987 and realize its all a scam to get people to buy an iphone.
They where listing one of the option as brick, anybody know if there's such option. and what it does, I doubt it would brick the phone in the real meaning...
either way anything that has a direct connection to the internet and access to your record is a potential risk, it is goog to be aware of this but pointing Android because it list such option is quite ridiculous since other OS doesn't even warn you about the fact that program can read your data...
Link: http://developer.android.com/reference/android/Manifest.permission.html
android.permission.BRICK
Required to be able to disable the device (very dangerous!).
Good lord, WIPE I could see.... BRICK!?
klausdieter79 said:
Link: http://developer.android.com/reference/android/Manifest.permission.html
android.permission.BRICK
Required to be able to disable the device (very dangerous!).
Click to expand...
Click to collapse
I think it's there in the SDK only for testing on the emulator. I'm quite sure none of the actual hardware devices would support it.. or at least I hope not
rohandhruva said:
I think it's there in the SDK only for testing on the emulator. I'm quite sure none of the actual hardware devices would support it.. or at least I hope not
Click to expand...
Click to collapse
I think it should be there, at least I have one use for it, an application to remotely lock your phone (or wipe critical information) in case of stole or lost phone. Definitely user should confirm this permission and should only do that if they completely trust the author.
bohlool said:
I think it should be there, at least I have one use for it, an application to remotely lock your phone (or wipe critical information) in case of stole or lost phone. Definitely user should confirm this permission and should only do that if they completely trust the author.
Click to expand...
Click to collapse
Remote locking is different from bricking. It makes no sense to "remotely brick" a stolen device, because then, even if you do get it back, it's useless.
But when you install the app, it has to display the permission
This application has access to the following:
Hardware controls
Brick your phone
rohandhruva said:
I think it's there in the SDK only for testing on the emulator. I'm quite sure none of the actual hardware devices would support it.. or at least I hope not
Click to expand...
Click to collapse
I'm sure there's some kind of app that can potentially brick your phone. No doubt you have to be rooted for it to have access to that ability. Clockwork ROM manager could potentially brick you're phone if you do something stupid (battery pull).
Read the permissions. Don't install what seems suspect. If the app tries to do something it doesn't have permission to do, the OS won't allow it. It's not like another app store where you have to rely on a fallible person to safeguard you.
Oh, and don't freak out when that free game you're looking at asks for internet access and your GPS location. It needs that info to serve you ads so it stays free. Don't be paranoid, nobody really cares about you, never mind enough to stalk you.
ATnTdude said:
I'm sure there's some kind of app that can potentially brick your phone. No doubt you have to be rooted for it to have access to that ability. Clockwork ROM manager could potentially brick you're phone if you do something stupid (battery pull).
Read the permissions. Don't install what seems suspect. If the app tries to do something it doesn't have permission to do, the OS won't allow it. It's not like another app store where you have to rely on a fallible person to safeguard you.
Oh, and don't freak out when that free game you're looking at asks for internet access and your GPS location. It needs that info to serve you ads so it stays free. Don't be paranoid, nobody really cares about you, never mind enough to stalk you.
Click to expand...
Click to collapse
The Clockwork ROM Manager application itself can't brick the phone - or at least it won't advertise that it can. The bricking is caused if the flashing process is interrupted, which is (strictly speaking) outside the purview of the app.
Also, what the OP found is just an ability to advertise to the user that installing this app can brick the phone. There is no mechanism by which an apk, running inside the dalvik jvm sandbox, can cause irrevocable hardware damage to the phone - at least none has been found yet.
Your last paragraph about games staying free and paranoia is just off-topic.
rohandhruva said:
The Clockwork ROM Manager application itself can't brick the phone - or at least it won't advertise that it can. The bricking is caused if the flashing process is interrupted, which is (strictly speaking) outside the purview of the app.
Also, what the OP found is just an ability to advertise to the user that installing this app can brick the phone. There is no mechanism by which an apk, running inside the dalvik jvm sandbox, can cause irrevocable hardware damage to the phone - at least none has been found yet.
Click to expand...
Click to collapse
1) You're Splitting hairs. We don't know what criteria the company that produced this study was using. Given that the whole thing was a springboard for advertising the need for their product, they're probably being more loose with the facts than you or I would. I used Clockwork as an example of how they might be interpreting the market.
2) I wasn't arguing against you. I was using your post to segue into my own. So do not take anything I said as something against your position. I, in fact, agree with your statement. I highly doubt a stock Android handset will allow you permission to brick it. I even doubt there is a root-only app that will purposefully brick your phone. I think SMobile Systems is borderline LYING to sell their unneeded product.
Your last paragraph about games staying free and paranoia is just off-topic.
Click to expand...
Click to collapse
XDA attracts a lot more than experts, many of which are not even vaguely familiar with Android permissions are, what app services might need them, nevermind the economics of the Android market. As such, given that I had in the previous sentence advised people to be critical of the permissions that apps request (I don't think most people look at them closely enough), I went the other way and told them not to be so careful as to enter the realm of paranoia. It's balanced advice and is therefore relevant to the topic.
Hopefully, this clears up any confusion. Cheers and good night...err morning, whatever you call 4AM.
ATnTdude, I don't mean to be brandishing swords or arguing.. Sorry if it seemed that way I just realised that the OP started this topic out of that stupid SMobile article. Had I read that before, I wouldn't have 'split hairs'! My bad :-/
luffyz said:
but when you install the app, it has to display the permission
this application has access to the following:
hardware controls
brick your phone
Click to expand...
Click to collapse
ahhahaha +1
@klausdieter79 Thanks for the link
I also hope it is not included in the regular phone library, I can easilly imagine someone granting this by mistake
Let's wait for someone to upload a one button app named accelerate and the only permission requested will be brick...
P00r said:
@klausdieter79 Thanks for the link
I also hope it is not included in the regular phone library, I can easilly imagine someone granting this by mistake
Let's wait for someone to upload a one button app named accelerate and the only permission requested will be brick...
Click to expand...
Click to collapse
I'm pretty much 100% certain you would have to have a rooted ROM for that to work...in which case, you probably know better than to install an app that requests permission to brick your phone
rohandhruva said:
ATnTdude, I don't mean to be brandishing swords or arguing.. Sorry if it seemed that way I just realised that the OP started this topic out of that stupid SMobile article. Had I read that before, I wouldn't have 'split hairs'! My bad :-/
Click to expand...
Click to collapse
I figured as much. It's all good.
ATnTdude said:
Oh, and don't freak out when that free game you're looking at asks for internet access and your GPS location. It needs that info to serve you ads so it stays free. Don't be paranoid, nobody really cares about you, never mind enough to stalk you.
Click to expand...
Click to collapse
OT, but I would be a little pissed if a developer was wasting my battery with GPS just to serve up targeted ads. There's no reason they couldn't use the much more battery efficient network location for that.
Hello all,
Wanted to start a thread on virus protection for the Xoom. Appologize up front if my search did not work on finding a thread on this already.
Any recommendations on a virus scanner for the Xoom?
I use lookout on my phone. Haven't look into getting anything on the Xoom yet.
I wouldn't bother. It doesn't need it. If there are any malicious market apps they will be smote by the hand of Google.
Galaxy Tab::Tapatalk
alias_neo said:
I wouldn't bother. It doesn't need it. If there are any malicious market apps they will be smote by the hand of Google.
Galaxy Tab::Tapatalk
Click to expand...
Click to collapse
Assuming they haven't already grabbed and foned-home all of your information
Kcarpenter said:
Assuming they haven't already grabbed and foned-home all of your information
Click to expand...
Click to collapse
Just be more careful what you download from the market and check the permissions.
Sent from my HTC Desire using Tapatalk
Kcarpenter said:
Assuming they haven't already grabbed and foned-home all of your information
Click to expand...
Click to collapse
While this is true, no AV client exists on the market today that can actually do any worthwhile AV scanning.
The problem is that there is no way for the AV clients to hook into the kernel to do real checking. Most apps out there today just look for malicious apps in /data/apps/ by doing a signature check against known bad things.
Kaspersky detects this in the S Note app. Seems very unlikely that this is a threat though I am curious about any other experiences and/or suggestions. Thanks.
Kyndig66 said:
Kaspersky detects this in the S Note app. Seems very unlikely that this is a threat though I am curious about any other experiences and/or suggestions. Thanks.
Click to expand...
Click to collapse
found this might help a bit ,but not a lot http://forum.xda-developers.com/showthread.php?t=2243189
jaythenut said:
found this might help a bit ,but not a lot http://forum.xda-developers.com/showthread.php?t=2243189
Click to expand...
Click to collapse
I did do a search before posting and saw similar stuff but nothing for this app on the N3. Haven't rooted yet but from what I've read so far it might be troublesome. This is from Juniper networks. http://www.juniper.net/us/en/local/pdf/additional-resources/jnpr-mobile-signatures.pdf
Edit: The offending apk is possibly hq2.itqmmi.hjbr_94100600_0.apk (taken from HERE). This report was updated three weeks ago.
I'll ditch it once I root. I have a lot of multitasking going on right now so unfortunately it may be a few days.
Hello friends.
I noticed than in my untouched 6p, my rom has a few packages that I've not seen before on AOSP, but were added by Huawei. Can anyone please shed some light on what these do, and if they can be safely frozen or removed?
com.android.huawei.hiddenmenu
com.huawei.callstatisticsutils
com.huawei.entitlement
com.huawei.mmitest aka HwMMITest
com.huawei.sarcontrolservice
Thanks and best regards.
psyonicus said:
Hello friends.
I noticed than in my untouched 6p, my rom has a few packages that I've not seen before on AOSP, but were added by Huawei. Can anyone please shed some light on what these do, and if they can be safely frozen or removed?
com.android.huawei.hiddenmenu
com.huawei.callstatisticsutils
com.huawei.entitlement
com.huawei.mmitest aka HwMMITest
com.huawei.sarcontrolservice
Thanks and best regards.
Click to expand...
Click to collapse
Probably not. Wbu would you want to remove them anyway?
Heisenberg said:
Probably not. Wbu would you want to remove them anyway?
Click to expand...
Click to collapse
Well because I don't know that they should be there in the first place. They were added by Huawei and therefore are not part of what a Nexus should be (similar to why I remove carrier specific packages), and especially because I don't trust anything I don't know what it does.
psyonicus said:
Well because I don't know that they should be there in the first place. They were added by Huawei and therefore are not part of what a Nexus should be (similar to why I remove carrier specific packages), and especially because I don't trust anything I don't know what it does.
Click to expand...
Click to collapse
they were added by the company that made the phone.
bingo!
psyonicus said:
Well because I don't know that they should be there in the first place. They were added by Huawei and therefore are not part of what a Nexus should be (similar to why I remove carrier specific packages), and especially because I don't trust anything I don't know what it does.
Click to expand...
Click to collapse
if you cared that much, they would be gone already, you would not be asking.
psyonicus said:
Hello friends.
I noticed than in my untouched 6p, my rom has a few packages that I've not seen before on AOSP, but were added by Huawei. Can anyone please shed some light on what these do, and if they can be safely frozen or removed?
com.android.huawei.hiddenmenu
com.huawei.callstatisticsutils
com.huawei.entitlement
com.huawei.mmitest aka HwMMITest
com.huawei.sarcontrolservice
Thanks and best regards.
Click to expand...
Click to collapse
You need them from what I understand.
the com.huawei.entitlement has to do with tethering
the com.huawei.mmitest aka HwMMITest has to do with all the hardware test
I'm not 100% sure what the others are, but rest assured, I'm sure they were approved by Google.
Ask Google support ^_^
Sent from my Nexus 6P using Tapatalk
And now the New York Times has reported snooping by Huawei
Hello psyonicus,
I posted this on the Google Nexus 6P forum yesterday so these modules you discovered are much more worrisome:
"I just read this NYT's article,
Secret Backdoor in Some U.S. Phones Sent Data to China, Analysts Say
It says that a Chinese firm, Adups, who makes software for updating a smartphone's firmware, was discovered by a US security company to be monitoring owners' phone usage. One of the two manufacturers who use Adups is Huawei, the maker of the 6P. Some quotes from the article:
"Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. "
"Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior"
"Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. "
Google, please assure us that this firmware is not in our Nexus 6P's!"
Since this is my first post, I wasn't allowed to include the link to the NYT's article but you can look it up easily from its title.
I hope others will now also follow up on this story.
Attached screen shots, Trustlook app says yes, but the Check Point Labs app says no. Should I treat the Trustlook app as a false positive or does anyone know for certain that there are vulnerabilities
8125Omnimax said:
Attached screen shots, Trustlook app says yes, but the Check Point Labs app says no. Should I treat the Trustlook app as a false positive or does anyone know for certain that there are vulnerabilities
Click to expand...
Click to collapse
Well you could try make a andro.apk with kali Linux and try to brute force that area remotely maybe. I suggest acquiring a better understanding of the / in the graphics module itself maybe study that file and look at other snapdragon files for comparison see if it's a problem in code else where then decide for yourself if it's worth fixing