Like in title. Modern Android permission system is really annoying. It assumes I do not trust installed apps and I believe was made to promote loose installing of whatever crap like loyalty cards apps, while I only install a couple of trusted apps all from F-Droid. Such module would enable faster installation of the systems and less irritation when I have to give app a permission third time this month (Android now can decide for myself and revoke permission when it thinks it’s no longer needed…).

    • smileyheadOP
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      6
      ·
      10 months ago

      Can you give me any example scenario of the attack?

      • henfredemars@infosec.pub
        link
        fedilink
        English
        arrow-up
        3
        ·
        10 months ago

        A browser app is compromised via a JavaScript engine flaw and now has permission to install packages.

        • smileyheadOP
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          This permissions I have on for my browser anyway, also I still need to click “install” on the popup here regardless of permission switch. And with my idea I was thinking about normal permissions, not special ones.

          • henfredemars@infosec.pub
            link
            fedilink
            English
            arrow-up
            2
            ·
            10 months ago

            This is easily bypassed by using the accessibility API which an all-permitted app can use to automatically handle dialogs.

            But yes, if you’re thinking some permissions are more special than others, it would depend on what permissions you are enforcing.

      • eatham 🇭🇲@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        You accidentally download malware and instead of you denying permissions it shouldn’t have it has them automatically.