Announcement

Collapse
No announcement yet.

Android 6.0: M Is For Marshmallow

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by AnAkIn View Post
    I hope it will work as good as CM Privacy Guard, which means no crash when a permission is denied.
    The problem is that apps will now be aware of a permission being denied, so they could just quit the app every time you don't allow it, forcing you to do so in the end.
    Something for you to be aware of; privacy guard is *NOT* a "CM" feature. Its an AOSP feature, which was disabled by default due to being incomplete. It is now complete, which is why it is being enabled.

    Yes, older applications WILL still crash when permissions are denied. Sure is better than actually granting the permission.

    As far as being "forced" goes... if an application is so actively hostile that it forces unjustifiable permissions down your throat, then that is a VERY clear signal that you SHOULD NOT be running that software. Frankly, if any application in EARLIER versions was requesting permissions that weren't justified, THAT ALONE was a signal TO ALL people with at least 4 working neurons, that they shouldn't be installing it to begin with. Regardless of being able to decline permissions that are unjustified, I will continue to use the very REQUEST as a means of determining the degree of hostility in the software developers and will not run such garbage.

    Comment


    • #22
      Originally posted by AnAkIn View Post
      Unfortunately, that link provides information that proves that this new permissions framework is bullshit.
      "When the user installs or updates the app, the system grants the app all permissions listed in the manifest that fall under PROTECTION_NORMAL."

      PROTECTION_NORMAL includes;
      • android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
      • android.permission.ACCESS_NETWORK_STATE
      • android.permission.ACCESS_NOTIFICATION_POLICY
      • android.permission.ACCESS_WIFI_STATE
      • android.permission.ACCESS_WIMAX_STATE
      • android.permission.BLUETOOTH
      • android.permission.BLUETOOTH_ADMIN
      • android.permission.BROADCAST_STICKY
      • android.permission.CHANGE_NETWORK_STATE
      • android.permission.CHANGE_WIFI_MULTICAST_STATE
      • android.permission.CHANGE_WIFI_STATE
      • android.permission.CHANGE_WIMAX_STATE
      • android.permission.DISABLE_KEYGUARD
      • android.permission.EXPAND_STATUS_BAR
      • android.permission.FLASHLIGHT
      • android.permission.GET_ACCOUNTS
      • android.permission.GET_PACKAGE_SIZE
      • android.permission.INTERNET
      • android.permission.KILL_BACKGROUND_PROCESSES
      • android.permission.MODIFY_AUDIO_SETTINGS
      • android.permission.NFC
      • android.permission.READ_SYNC_SETTINGS
      • android.permission.READ_SYNC_STATS
      • android.permission.RECEIVE_BOOT_COMPLETED
      • android.permission.REORDER_TASKS
      • android.permission.REQUEST_INSTALL_PACKAGES
      • android.permission.SET_TIME_ZONE
      • android.permission.SET_WALLPAPER
      • android.permission.SET_WALLPAPER_HINTS
      • android.permission.SUBSCRIBED_FEEDS_READ
      • android.permission.TRANSMIT_IR
      • android.permission.USE_FINGERPRINT
      • android.permission.VIBRATE
      • android.permission.WAKE_LOCK
      • android.permission.WRITE_SYNC_SETTINGS
      • com.android.alarm.permission.SET_ALARM
      • com.android.launcher.permission.INSTALL_SHORTCUT
      • com.android.launcher.permission.UNINSTALL_SHORTCUT

      Changing network states, access internet, get accounts, modify audio settings... so, without requesting "special" permissions, an application can steal your list of accounts (google, email, etc.), send it all off to china, even if the network is disabled... turn on your microphone, and stream microphone data to china. Wow.

      EVERYTHING account and network related, should NOT be "normal".

      Comment


      • #23
        Originally posted by droidhacker View Post

        Unfortunately, that link provides information that proves that this new permissions framework is bullshit.
        "When the user installs or updates the app, the system grants the app all permissions listed in the manifest that fall under PROTECTION_NORMAL."

        PROTECTION_NORMAL includes;
        Changing network states, access internet, get accounts, modify audio settings... so, without requesting "special" permissions, an application can steal your list of accounts (google, email, etc.), send it all off to china, even if the network is disabled... turn on your microphone, and stream microphone data to china. Wow.

        EVERYTHING account and network related, should NOT be "normal".
        If an app requests these permissions they are granted without any additional warnings. It doesn't mean every app automatically has all of these permissions. If an app doesn't request any of these permissions at install time it can't silently use them later on. So: When you install an app, take a look at what kind of permissions it requests, and don't install it if you don't agree with the list. Also, with Android M you'll be able to revoke those permissions again. So just revoke them before you launch the app for the first time.

        Also, an app can't really "steal" your account. It can get access to your Google account name and avatar. It can't access your password. Yes, I would classify this information as private as well. As above, don't install the app if it requests funny permissions, or contact the developer the clarify what they're using them for.

        And if an app "forces" you to grant these permissions? Stop using it, and give it a bad review. See how fast the developers adapt, and if they don't tell them to f*ck off.

        Comment


        • #24
          Originally posted by droidhacker View Post

          Unfortunately, that link provides information that proves that this new permissions framework is bullshit.
          "When the user installs or updates the app, the system grants the app all permissions listed in the manifest that fall under PROTECTION_NORMAL."

          PROTECTION_NORMAL includes;
          • android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
          • android.permission.ACCESS_NETWORK_STATE
          • android.permission.ACCESS_NOTIFICATION_POLICY
          • android.permission.ACCESS_WIFI_STATE
          • android.permission.ACCESS_WIMAX_STATE
          • android.permission.BLUETOOTH
          • android.permission.BLUETOOTH_ADMIN
          • android.permission.BROADCAST_STICKY
          • android.permission.CHANGE_NETWORK_STATE
          • android.permission.CHANGE_WIFI_MULTICAST_STATE
          • android.permission.CHANGE_WIFI_STATE
          • android.permission.CHANGE_WIMAX_STATE
          • android.permission.DISABLE_KEYGUARD
          • android.permission.EXPAND_STATUS_BAR
          • android.permission.FLASHLIGHT
          • android.permission.GET_ACCOUNTS
          • android.permission.GET_PACKAGE_SIZE
          • android.permission.INTERNET
          • android.permission.KILL_BACKGROUND_PROCESSES
          • android.permission.MODIFY_AUDIO_SETTINGS
          • android.permission.NFC
          • android.permission.READ_SYNC_SETTINGS
          • android.permission.READ_SYNC_STATS
          • android.permission.RECEIVE_BOOT_COMPLETED
          • android.permission.REORDER_TASKS
          • android.permission.REQUEST_INSTALL_PACKAGES
          • android.permission.SET_TIME_ZONE
          • android.permission.SET_WALLPAPER
          • android.permission.SET_WALLPAPER_HINTS
          • android.permission.SUBSCRIBED_FEEDS_READ
          • android.permission.TRANSMIT_IR
          • android.permission.USE_FINGERPRINT
          • android.permission.VIBRATE
          • android.permission.WAKE_LOCK
          • android.permission.WRITE_SYNC_SETTINGS
          • com.android.alarm.permission.SET_ALARM
          • com.android.launcher.permission.INSTALL_SHORTCUT
          • com.android.launcher.permission.UNINSTALL_SHORTCUT


          Changing network states, access internet, get accounts, modify audio settings... so, without requesting "special" permissions, an application can steal your list of accounts (google, email, etc.), send it all off to china, even if the network is disabled... turn on your microphone, and stream microphone data to china. Wow.

          EVERYTHING account and network related, should NOT be "normal".
          This was changed in Developer 3 preview. I guess they didn't update the page yet. Afaik, microphone is its own permission category so you need permission for that.

          https://developer.android.com/previe...preview3-notes

          • The GET_ACCOUNTS permission is now a member of the CONTACTS permission group and it has aandroidrotectionLevel of dangerous. This change means that when targeting Android 6.0 (API level 23), you must check for and request this permission if your app requires it.


          Comment

          Working...
          X