5

I understand what Android permissions mean and I have a specific question about two telephony permissions.

I've been using XPrivacy for a while and noticed that many apps that ostensibly have nothing to do with the low-level telephony features, nevertheless make repeated calls to getSimOperatorName() and getNetworkOperatorName(). MyFitnessPal Calorie Counter is one such app.

What need would ordinary apps have to call these methods?

For example, why would MyFitnessPal care I'm using AT&T or Verizon, when the app could be running just fine on a Wi-Fi only device?

Community
  • 1
Dan Dascalescu
  • 236
  • 1
  • 2
  • 13

2 Answers2

0

I have read that Android applications created through a standard method are set by the creating software to ask for certain permissions by default, even if the developer did not pick them. The permissions you mention may be among those. So the developer might not be interested in them at all.

Cerberus
  • 403
  • 5
  • 16
  • Do you mean that some app generators might just dump code in the app or libraries that makes those calls? – Dan Dascalescu Jan 08 '16 at 01:57
  • Where you read that matters here. Consider linking it since you're not sure either whether the case is true or not, at least at this moment. – Firelord Jan 08 '16 at 02:03
  • @DanDascalescu: I don't know how people make an Android app. But I was told most people use a certain thing to do so, and that this thing automatically adds those permissions. The word "SDK" comes to mind, although I don't know exactly what it means. I'm afraid I don't understand it well enough to be more specific, but it came from someone knowledgeable. – Cerberus Jan 08 '16 at 16:37
  • @Firelord: I'm afraid I'm not sure where I read it. It was probably in some discussion about Xprivacy. Perhaps it was Marcel Bokhorst himself who mentioned it on Github. – Cerberus Jan 08 '16 at 16:39
  • @Cerberus you overlook one crucial detail here: OP pointed out XPrivacy explicitly showed apps made *repeated calls* to those (XPrivacy logs that). So it's not just "some default permission granted", but definitely information accessed. – Izzy Jan 08 '16 at 22:43
  • 1
    @Izzy: would it be possible that some app building IDE generates boilerplate code that makes those calls regardless of what the app does? – Dan Dascalescu Jan 08 '16 at 23:09
  • 1
    @DanDascalescu that might well be – though I'd rather suspect some ad frameworks behind that (again outside the realm of the app-dev who only includes a framework for revenue in that case, but usually cannot tell what exactly that framework does). One could try an app to Identify Ad-Modules and do some research on the findings to prove that right or wrong. – Izzy Jan 08 '16 at 23:20
  • 1
    @Izzy: I don't recall any conexion to advertising networks. Minmin Guard shows me some advertising networks that applications are using, and I have plenty of applications that ask for e.g. identity and sensors that don't have any apparent advertisements. – Cerberus Jan 09 '16 at 03:16
  • @Cerberus To clarify, the SDK is mainly where you take the ability from to communicate with the android system. So, in an app you tell the SDK for example to display sime text (simplified) and it displays it. – Namnodorel Mar 28 '16 at 18:42
0

Those settings are often used to block the usage of the application in some regions, like embargoed countries. If the app would rely only on IP address location, for example, the user could bypass the protection just by using a VPN.

By relying on information provided by the Operating System based on the current inserted SIM card, the only way to bypass this security would be reverse engineering the app or the OS itself.

Abraham Toledo
  • 101
  • 2