Project

General

Profile

Android application permissions » History » Version 2

Ben, 04/10/2018 05:23 PM

1 2 Ben
For Android security patch analysis, the level of permissions requested are:
2 2 Ben
* ACCESS_NETWORK_STATE: To check for available network
3 2 Ben
* INTERNET: To download patch tests and upload test results
4 2 Ben
* RECEIVE_BOOT_COMPLETED: To check whether build version has changed since last test
5 1 Karsten
6 1 Karsten
7 2 Ben
For mobile network security tests, the level of permissions requested are:
8 2 Ben
9 2 Ben
* ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION: Allow you to record your location when IMSI catchers and security events are detected
10 2 Ben
* ACCESS_NETWORK_STATE: Is used to check for available network so that up or downloads can proceed
11 2 Ben
* ACCESS_SUPERUSER: To use the non API supported Qualcomm diagnosis interface to capture radio data, you need root access. See below.
12 2 Ben
* CALL_PHONE/ SEND_SMS / RECEIVE_SMS: Needed to make the test calls used to generate the network traffic to be analyzed
13 2 Ben
* GET_TASKS: Retrieve state of helper processes interacting with diagnostic interface
14 2 Ben
* INTERNET: Is used to download new data from gsmmap.org and to upload radio traces and debug logs upon user request
15 2 Ben
* READ/WRITE_EXTERNAL_STORAGE: To allow saving debug/trace logs to your SD card
16 2 Ben
* READ_PHONE_STATE: Used to detect what kind of network you are currently using (GSM,UMTS,LTE etc)
17 2 Ben
* RECEIVE_BOOT_COMPLETED: To start app automatically when phone is restarted 
18 2 Ben
* GET_TASKS: Retrieve state of helper processes interacting with diagnostic interface
19 2 Ben
* WAKE_LOCK: Stop phone from falling asleep during long-running analysis steps
20 2 Ben
21 2 Ben
In addition, the mobile network security tests require *root* privileges, which are only used to access the /dev/diag interface from which baseband information is read.