Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    November 2012
    S M T W T F S
    « Oct   Dec »
  • Email Subscription

  • About Us

    Archive for November 12th, 2012

    The permissions in Android devices are designed to guarantee that those Android apps without any declared permissions cannot do anything harmful to the mobile device. Or can they?

    How Android Permissions Work

    Before we get into the details, let’s see how Android permissions work.

    An Android app can access limited system resources. To access sensitive APIs, the app must declare permissions required in AndroidManiflest.XML file. These sensitive APIs include camera function, location data (GPS), Bluetooth and telephony functions, SMS/MMS functions and network/data connections.

    Once an app is installed, the App Installer shows the declared permissions to the user who either accepts or refuses them.

    If a user chooses to grant the permissions, these are applied to the app so long as it is installed. During runtime, the system will no longer notify the user when sensitive APIs are being accessed again. Declining these permissions, on the other hand, aborts the app installation.

    Once an app attempts to use a protected feature but failed to declare the required permission, the runtime system typically throws a security exception, which then terminates the app.

    Given these facts, it appears that the chances of bypassing permissions is slim. Unfortunately, some crafty developers may create apps that can circumvent permissions by abusing the following.
    Read the rest of this entry »



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice