Android SECURITY - Selectively control App's permissions?

Discussion in 'Android Forum' started by samsonite801, Aug 25, 2010.

  1. samsonite801
    Offline

    samsonite801 Member

    Joined:
    Jun 11, 2010
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    Is there some way to selectively control an application's permissions? Since the app's apk is signed it doesn't look like I could edit its AndroidManifest.xml file. If there was some way to edit an app's permissions from the Android side of the system, or even just a selective firewall so I can control which apps can send out SMS, or access the internet connection (WiFi or 3G). I just see too many apps on the market that look interesting, but since they have no business at all reading my contact info, or having full internet access, I just cannot install them. But if I could just figure out how to turn off a permission manually for specific apps, then I could just make it so none of them can even connect to the internet in the first place, so that it would be a true sandbox with no HOLES in it. Because what good is a sandbox that has a hole going to your personal info, and a hole going to your contacts list, and a hole going to the WWW, etc. Why would they ever need root access to your stupid phone when they could just get all your private data and sell it for enough money to buy 1000 of your phones.

    I also don't like the nature of how an app can just have generic access to reading/writing to your entire SD card. This way, one app with access to your personal info (but does not have full internet access) can write personal data to a cache file in your SD card, and then they can have another app with the same certificate or have a group permission in their AndroidManifest.xml so their company (using a different company name in the market), could use that unsuspecting app to read that same cache file (which has full internet access) and can send that data out the pipe to their server. Each app should be a granted a sandbox space on the SD card that only that app can R/W to.

    Heck they could even upload all of your Nandroid backups to their server if they wanted which have all your data in them. All from some music app say, that has full internet access and has full R/W access to your SD Card.

    I just wanna turn off full internet access to several apps which I regularly use.

    Could anybody here who knows this, please, pretty please, point me in the right direction?
     
  2. aminaked
    Offline

    aminaked Silver Member

    Joined:
    Jan 10, 2010
    Messages:
    2,183
    Likes Received:
    0
    Trophy Points:
    101
    Location:
    California, USA
    Ratings:
    +0
    I don't have your answer but I like your idea.
     
  3. samsonite801
    Offline

    samsonite801 Member

    Joined:
    Jun 11, 2010
    Messages:
    150
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    Found the answer! ( code.google.com/p/droidwall/ )

    Droid Wall + IPtables = selective control over which apps can use WiFi or 3g.

    Droid Wall has now just been released into the market but it won't work without root access, and it also needs iptables v1.4.7 installed or it will have errors. If you download this zip file:

    http://i2x.de/~oclock/Eight-Minutes-to-Eight-oClock-AM-signed.zip


    ...and extract the /system/bin/iptables bin from it and copy it to your /system/bin folder then you will have the v1.4.7 version (just for kicks, back up your old iptables binary just in case).

    Then, install Droid Wall. Now, for me, in order for it to work, I had to toggle the setting from checking box 'whitelists' app, to instead be set to checking box 'blacklists' the app. This was the only way that the firewall would actually block the apps from being able to connect, but low and behold, it does work. It is a full fledged, turn-key firewall solution.

    And the good news is that the battery lasts longer when you block most all apps you don't use or have no business needing internet anyway, and I also notice the phone seems like it is not as 'busy' under the covers or after waking up now. It also seems like the internet for the other things you use now is faster since other apps can't hog up all the pipe anymore.
    .
    .
     
    Last edited: Sep 1, 2010
  4. dandv
    Offline

    dandv New Member

    Joined:
    Jan 14, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Silicon Valley, CA
    Ratings:
    +0
    Droidwall

    DroidWall is great, but it's only a partial answer.

    Some apps genuinely need Internet access, but not address book access; or you don't need the social networking features that require access to contacts. So you want to allow the app Internet access, but not Contact or Messages access.

    We still need a solution to this: how to deny an app access to contacts or messages or calendar etc.
     
  5. dandv
    Offline

    dandv New Member

    Joined:
    Jan 14, 2010
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Silicon Valley, CA
    Ratings:
    +0
    There are several Google Code issues that try to resolve this problem. Users beg for permissions to be grantable selectively:

    Issue 6266 - the most voted on, but has an idiotic title
    Issue 6600 - well described, but only 3 comments
    Issue 3778 - the original issue, which developers deemed "Won't Fix"
     
Search tags for this page
android app permissions explained
,
android block access to contacts
,

android change app permissions

,
android permission modifier
,
android permission remove
,

block permissions android

,

change android app permissions

,
how to change app permissions on android
,
how to set app permissions android
,
restrict app permissions android