Pinterest Stumbleupon Whatsapp
Ads by Google

A new “No Permissions” application from Leviathan Security illustrates how easily Android applications can bypass user permissions. In a perfect world, Android’s permissions system would help users make informed decisions about the apps they install. But, as the new permission-breaking app shows, we don’t live in a perfect world.

The goal of the “No Permissions” app is to make public the ease with which permissions can be bypassed. When you install the app you are not asked to give the app access to your device’s memory. The app then presents you with buttons that access data the app wasn’t given permission for.

Some of that data can be quite personal, such as your device’s identification number, the SIM card’s vendor ID and information about your device’s version of Android. The app can also read data from your SD card, which means it could grab all of your photos and video at any time.

Does this mean your device is at immediate risk? Yes, it could be if you frequently download new apps. Android’s permission model is supposed to keep you protected by keeping you informed, but any flaws that bypass permissions render the model useless. MakeUseOf advocates the use of Android security apps The 3 Best Antivirus Apps To Protect Your Android Security The 3 Best Antivirus Apps To Protect Your Android Security As we’ve reported frequently at MakeUseOf, Android is no longer safe from malware. The number of threats is on the rise. This shouldn’t be surprise to anyone. Smartphones and tablets can carry all sorts of... Read More , and this is yet another example of why they’re necessary.

If you’d like to toy with the “No Permissions” app, you can download it from a page on Leviathan Security’s blog which also offers some explanation about how the app works.

Ads by Google

Source: Android Community

  1. Uplift Humanity
    April 15, 2012 at 3:25 am

    This illustrates the weak security structure upon which the entire Android OS is built upon, and the reluctance of Google's engineerS/management to strengthen it.

    I'm sure many people within Google, who have significant responsibility, knew the weak security that Android has -- and they knew this before launching it. I'm sure they understood why Apple chose to embody the "walled garden" approach to security.

    Google's intentional decision to leave a weak security structure shows their goal was not to benefit their users. Rather, their primary goal was to have as many people jump on their bandwagon as possible -- even if this meant fooling those users into believing Android had a semblance of security (when in reality it has very little safeguards).

    SHAME ON GOOGLE -- another example where they put themselves above their users.

    The average Internet or Android is not Google's customer. We are simply "sources of free information" to Google, so they don't feel obligated to help us. Their customers are only the companies that advertise through Google, and the companies that license Android (phone manufacturers). To Google, people/users are just "targets" (for advertising) and "Data Sources" who can be sold to their advertisers.

Leave a Reply

Your email address will not be published. Required fields are marked *