Open IzzySoft opened 7 years ago
Yes. I've checked and found permissions are always different. LibRadar's permission detection is based on the API. We referred to the database of PScout. Apps' permissions are written in the manifest file. They are sometimes different because some permissions that an API needs are not recorded in the manifest file. Maybe that API can be ignored or the function is not very important, but it really exists in the code, so we treat the permission as existing even though the permission is not applied for in the manifest file.
OK, thanks. Thought something along those lines already – having read of some "intrusive ad modules" having few "hard requirements" (e.g. INTERNET only) – but grabbing anything the app itself has access to (e.g. READ_CONTACTS) if available. So basically, they try to access it – but have a catch block in case they fail. That's the same you're pointing at?
In the latest PScout website, many APIs use permission android.permission.DUMP and I don't know why. It appears that after this update, many libraries will contain permission android.permission.DUMP.
I somehow doubt they really do use that. Rather unlikely. Not that usual, this permission.
Not sure if this is still relevant, but I found this in the "REAPER: Real-time App Analysis ..." paper:
When comparing the mappings of PScout and AXPLORER, we find various differences in their results; in API 22 AXPLORER registers the function getWifiState() in net.wifi.WifiManager with the ACCESS_WIFI_STATE permission. On the contrary, PScout registers the same function with the DUMP permission. As such, it is important to dynamically validate the permission mappings ...
For the app CameraFilter, LibRadar found the library Android Support v4 being used and accessing functions requiring the permissions android.permission.ACCESS_NETWORK_STATE, android.permission.WAKE_LOCK and android.permission.VIBRATE. However, the app itself just declares CAMERA, READ_EXTERNAL_STORAGE and WRITE_EXTERNAL_STORAGE in its Manifest – not a single match here.
So how should the permissions reported for a library be interpreted?
(Note: if you want to check for yourself, the .apk can be downloaded from the page behind the first link)
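One way to read such a report, as an added example that is not part of the thread or of LibRadar's code: split each library's API-derived permissions into those the manifest declares and those it does not, since Android only grants what the app declares. The manifest below is constructed from the permissions the issue lists, and the package name is a placeholder.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Constructed sample: a decoded AndroidManifest.xml declaring the three
# permissions the issue lists for CameraFilter (package name is a placeholder).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.camerafilter">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
</manifest>"""

# Library -> permissions inferred from its API calls, as quoted in the issue.
LIBRARY_PERMS = {"Android Support v4": ["ACCESS_NETWORK_STATE", "WAKE_LOCK", "VIBRATE"]}

def full_name(perm):
    """Expand short names such as CAMERA to android.permission.CAMERA."""
    return perm if "." in perm else PREFIX + perm

def declared_permissions(manifest_xml):
    """Return the set of permissions the app requests in its manifest."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {
        full_name(el.attrib[ANDROID_NS + "name"])
        for tag in tags
        for el in root.iter(tag)
        if ANDROID_NS + "name" in el.attrib
    }

def interpret(manifest_xml, library_perms):
    """Split each library's API-derived permissions by manifest coverage."""
    declared = declared_permissions(manifest_xml)
    report = {}
    for lib, perms in library_perms.items():
        names = {full_name(p) for p in perms}
        report[lib] = {
            # Declared by the app: the library code path can actually use it.
            "usable": sorted(names & declared),
            # Seen only via the API mapping: not granted to this app.
            "latent": sorted(names - declared),
        }
    return report

if __name__ == "__main__":
    for lib, result in interpret(MANIFEST, LIBRARY_PERMS).items():
        print(lib, result)
```

For the CameraFilter data every Support v4 permission lands in "latent", which matches the "not a single match" observation in the issue.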