Let's say an app doesn't require any permissions at all. What could that app access that could be a potential privacy risk? Other app usage? List of installed apps? Check is my screen unlocked? Google Analytics?
Asked
Active
Viewed 138 times
1
-
1Nothing prevents a seemingly an innocent app to exploit a privilege-escalation vulnerability to take control of your precious and private data. Learn about QuadRoot to know more. https://blog.checkpoint.com/2016/08/07/quadrooter/ // Related question: https://android.stackexchange.com/q/208508/96277 – Firelord Nov 05 '19 at 21:39
-
Closely related: Are multiple-users protected from each other differently than apps?. – Irfan Latif Nov 06 '19 at 01:55
1 Answers
2
- Permissions change with practically with every Android version , so without specifying the Android version, it is difficult to answer. Notwithstanding that, for a primer on permissions and to see how how crazy, it actually is, see The Android authorization model: a perfidious construct
Sourced from Izzy's blog (thanks)
*Permissions do not define what all an app can access, which is covered in Irfan's answer. Also see Izzy's primer on permissions
- App description of XPrivacy Lua, which is an Xposed module, to protect privacy. Information below can be accessed without permissions (readers are welcome to add)
Use analytics (Fabric/Crashlytics, Facebook app events, Firebase Analytics, Google Analytic, Mixpanel, Segment)
Usetracking ( user agent for WebView only, Build properties, network/SIM country/operator)
beeshyams
- 40,739
- 30
- 119
- 269