Apps without permissions: Should you be worried about Android’s latest security scare?

The latest security threat for the Android world deals with apps that don’t require permissions. Paul Brodeur from Leviathan reported about the possibility that an app with no permissions could actually access your data from your physical  or internal SD card. An app such as this could access all non-hidden files and scan them for any information, including any sensitive info. Since the app itself doesn’t have permission to access the internet, it would have to open the browser to send the information. Not an easy task without you knowing it’s being done, but someone could come up with some sort of trick.


Lets be honest folks, should you be keeping any data on your SD card that is sensitive? Forget about apps, what happens if you misplace your phone or it gets into the wrong hands? Anybody could access your SD card to get to those contents. Okay so you’re not saving anything sensitive to your SD card, is there any other potential?

Well the folks at The Verge came up with an issue with photos. If your geolocation is saved with every photo you take, then an app such as this could potentially find out where you’ve been like your home, work, etc. To be honest, again, if you lose your phone, whomever found it could do the same. Hopefully they will use that information in a productive manner by bringing your phone back, but again, if you don’t want people to ever find out where you’ve been, then turn off geotagging on your device. Every phone is different, but you should find the settings in your camera app.

This is just another scare that you should be aware if, but lets not panic. Our phones are important to us, but you have to use your common sense about what data you keep on it.

sources: theverge and leviathan

 


About the Author: Robert Nazarian

Robert lives in upstate New York where he was born and raised. Technology was always his passion. His first computer was a Radio Shack TRS80 Color that used a cassette tape to save programs, and his first laptop was a Toshiba T1200FB that sported a CGA greyscale screen and two 720kb floppy drives (no hardrive). From the early 90’s through late 2011, he only owned Motorola phones starting with the MircroTAC all the way through to the Droid X. He broke that streak when he bought the Galaxy Nexus. Now he's sporting a Galaxy Note 4, and absolutely loves it. He has a wonderful wife and a 6 year old son. In his free time he enjoys sports, movies, TV, working out, and trying to keep up with the rapid fast world of technology.


  • Ickyfehmleh

    Not every device has the ability to have an SDcard — some, like the Galaxy Nexus, only have onboard storage; one has no choice but to store potentially sensitive data on the phone.

    There would be really nothing stopping two applications working in tandem, one gleaning the information and writing it out to a file, the other (with some sort of communication permissions) looks for that file and shares it.  This scenario would be especially troublesome to “rooted” users, since applications could request superuser permissions ostensibly to do something awesome but instead could traverse the filesystem with nothing standing in its way.

    • derekmorr

      What’s worse is that on devices without a physical SD card (like the Galaxy Nexus), Android mounts /mnt/sdcard as a FUSE filesystem and turns off permission checking. So they emulate the bug rather than fix it.