Like in title. Modern Android permission system is really annoying. It assumes I do not trust installed apps and I believe was made to promote loose installing of whatever crap like loyalty cards apps, while I only install a couple of trusted apps all from F-Droid. Such module would enable faster installation of the systems and less irritation when I have to give app a permission third time this month (Android now can decide for myself and revoke permission when it thinks it’s no longer needed…).

  • smileyheadOP
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    6
    ·
    9 months ago

    Can you give me any example scenario of the attack?

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      A browser app is compromised via a JavaScript engine flaw and now has permission to install packages.

      • smileyheadOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        This permissions I have on for my browser anyway, also I still need to click “install” on the popup here regardless of permission switch. And with my idea I was thinking about normal permissions, not special ones.

        • henfredemars@infosec.pub
          link
          fedilink
          English
          arrow-up
          2
          ·
          9 months ago

          This is easily bypassed by using the accessibility API which an all-permitted app can use to automatically handle dialogs.

          But yes, if you’re thinking some permissions are more special than others, it would depend on what permissions you are enforcing.

    • eatham 🇭🇲@aussie.zone
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      You accidentally download malware and instead of you denying permissions it shouldn’t have it has them automatically.