
Unknown Permissions on VirusTotal analysis


3
vote

problema

português

Eu notei um comportamento incomum e indesejado de alguns dos meus aplicativos do sistema, mais notavelmente o Google Play Services, o Gerente de Conta do Google e o Google Services Framework. Esses aplicativos fazem com que a força feche em suas próprias operações, bem como as de outros aplicativos, parecem ter a capacidade de assumir a funcionalidade do meu telefone completamente às vezes.

Então, usei a ferramenta Virustotal.com para analisar as permissões nesses aplicativos para determinar se eles estão presentes com os recursos corretos embutidos para a versão que veio pré-instalado no telefone. Para cada um desses aplicativos, eles retornaram entre 10-20 permissões adicionais cada um que eles não foram projetados para ter, sugerindo que eles foram adulterados.

Meu telefone não está enraizado ou modificado de forma alguma e eu tive por menos de um ano. Estas permissões adicionais foram rotuladas:

.

(permissão desconhecida da Referência do Android)

Designando essas permissões específicas como não sendo nativas desses aplicativos. Algumas dessas permissões são projetadas especificamente para transmissão e comunicação de dados via C2DM e GTalk para outros dispositivos, bem como a exposição de detalhes da conta salvos, incluindo senhas. Isso me leva a concluir que informações pessoais sensíveis vazam para terceiros. Aqui está a saída para o Gerente de Conta do Google como exemplo:

  /dev/block/mmcblk0p23   

Quem devo trazer esta informação para a atenção? É bem certo que meu telefone está completamente comprometido?

Inglês Original

I have noticed unusual and unwanted behavior from a few of my system apps, most notably Google Play Services, Google Account Manager, and Google Services Framework. These apps cause force closes on their own operations as well as those of other apps, they seem to have the capability to take over functionality of my phone completely at times.

So, I used the Virustotal.com tool to analyze permissions on these apps to determine if they are present with the right capabilities built into them for the version that came pre-installed on the phone. For each of these apps, they returned between 10-20 additional permissions each that they were not designed to have, suggesting that they have been tampered with.

My phone is not rooted or modified in any way and I have had it for less than a year. These additional permissions were labeled:

(Unknown permission from android reference)

designating these specific permissions as not being native to these apps. Some of these permissions are specifically designed for transmission and communication of data via C2DM and Gtalk to other devices, as well as exposure of saved account details including passwords. This leads me to conclude that sensitive personal information has been leaked to third parties. Here is the output for Google Account Manager as an example:

VirusTotal
SHA256: 602db0ceb05877fb6996fd2a3510721d0e32463a6e784ba5cc60ae1f71bb3226
File name: GoogleLoginService.apk
Detection ratio: 0 / 53
Analysis date: 2014-07-20 19:04:51 UTC ( 9 months, 1 week ago )

The file being studied is Android related! APK Android file more specifically. The application's main package name is com.google.android.gsf.login. The internal version number of the application is 19. The displayed version string of the application is 4.4.4-1215936. The minimum Android API level for the application to run (MinSDKVersion) is 8. The target Android API level for the application to run (TargetSDKVersion) is 17.

Risk summary
    The studied DEX file makes use of API reflection
    Permissions that allow the application to access Internet
    Permissions that allow the application to access private information
    Other permissions that could be considered as dangerous in certain scenarios

Required permissions
    android.permission.CHANGE_NETWORK_STATE (change network connectivity)
    android.permission.READ_SYNC_SETTINGS (read sync settings)
    com.google.android.providers.gsf.permission.READ_GSERVICES (Unknown permission from android reference)
    android.permission.USE_CREDENTIALS (use the authentication credentials of an account)
    android.permission.DUMP (retrieve system internal status)
    android.permission.READ_LOGS (read sensitive log data)
    android.permission.WRITE_PROFILE (write the user's personal profile data)
    android.permission.CHANGE_COMPONENT_ENABLED_STATE (enable or disable application components)
    android.permission.READ_SYNC_STATS (read sync statistics)
    android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
    android.permission.INTERNET (full Internet access)
    com.google.android.googleapps.permission.GOOGLE_MAIL_SWITCH (Unknown permission from android reference)
    android.permission.BACKUP (control system back up and restore)
    com.google.android.googleapps.permission.GOOGLE_AUTH.youtube (Unknown permission from android reference)
    android.permission.SUBSCRIBED_FEEDS_READ (read subscribed feeds)
    android.permission.MANAGE_ACCOUNTS (manage the accounts list)
    com.google.android.gtalkservice.permission.GTALK_SERVICE (Unknown permission from android reference)
    com.google.android.permission.BROADCAST_DATA_MESSAGE (Unknown permission from android reference)
    com.google.android.googleapps.permission.GOOGLE_AUTH.YouTubeUser (Unknown permission from android reference)
    android.permission.PERSISTENT_ACTIVITY (make application always run)
    com.google.android.googleapps.permission.GOOGLE_AUTH.ALL_SERVICES (Unknown permission from android reference)
    com.android.vending.TOS_ACKED (Unknown permission from android reference)
    android.permission.ACCESS_NETWORK_STATE (view network status)
    com.google.android.providers.settings.permission.READ_GSETTINGS (Unknown permission from android reference)
    com.google.android.providers.settings.permission.WRITE_GSETTINGS (Unknown permission from android reference)
    com.google.android.googleapps.permission.GOOGLE_AUTH (Unknown permission from android reference)
    android.permission.WRITE_CONTACTS (write contact data)
    android.permission.WRITE_SYNC_SETTINGS (write sync settings)
    android.permission.AUTHENTICATE_ACCOUNTS (act as an account authenticator)
    android.permission.BROADCAST_STICKY (send sticky broadcast)
    com.android.vending.billing.BILLING_ACCOUNT_SERVICE (Unknown permission from android reference)
    android.permission.WRITE_SETTINGS (modify global system settings)
    android.permission.READ_PHONE_STATE (read phone state and identity)
    com.google.android.googleapps.permission.GOOGLE_AUTH.mail (Unknown permission from android reference)
    com.android.vending.INTENT_VENDING_ONLY (Unknown permission from android reference)
    com.google.android.providers.talk.permission.READ_ONLY (Unknown permission from android reference)
    com.google.android.googleapps.permission.ACCESS_GOOGLE_PASSWORD (Unknown permission from android reference)
    com.google.android.providers.talk.permission.WRITE_ONLY (Unknown permission from android reference)
    android.permission.VIBRATE (control vibrator)
    com.android.chrome.TOS_ACKED (Unknown permission from android reference)
    android.permission.SUBSCRIBED_FEEDS_WRITE (write subscribed feeds)
    android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
    com.android.vending.billing.ADD_CREDIT_CARD (Unknown permission from android reference)
    android.permission.WAKE_LOCK (prevent phone from sleeping)
    android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
    android.permission.READ_CONTACTS (read contact data)
    com.android.vending.billing.IBillingAccountService.BIND2 (Unknown permission from android reference)
    android.permission.READ_PROFILE (read the user's personal profile data)
    com.google.android.gtalkservice.permission.SEND_HEARTBEAT (Unknown permission from android reference)
    android.permission.GET_ACCOUNTS (discover known accounts)

Permission-related API calls
    ACCESS_NETWORK_STATE
        Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo; called from Lcom/google/android/gsf/loginservice/BaseActivity;->hasNetworkConnection()Z
    READ_PHONE_STATE
        Landroid/telephony/TelephonyManager;->getLine1Number()Ljava/lang/String; called from Lcom/google/android/gsf/login/RecoveryDataActivity;->initViews(Landroid/os/Bundle;)V
    USE_CREDENTIALS
        Landroid/accounts/AccountManager;->invalidateAuthToken(Ljava/lang/String; Ljava/lang/String;)V called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->invalidateAuthToken(Ljava/lang/String;)V
    INTERNET
        Ljava/net/ServerSocket;-><init>(I)V called from Lcom/google/android/common/http/TestHttpServer;-><init>(I)V
        Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/common/GoogleWebContentHelper;->initializeViews()V
        Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/gsf/login/CustomWebView;-><init>(Landroid/content/Context;)V
    VIBRATE
        Landroid/app/NotificationManager;->notify(I Landroid/app/Notification;)V called from Lcom/google/android/gms/auth/GoogleAuthUtil;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Landroid/os/Bundle;)Ljava/lang/String;
    ACCESS_WIFI_STATE
        Landroid/net/wifi/WifiManager;->getWifiState()I called from Lcom/google/android/gsf/login/SetupWirelessActivity;->tryEnablingWifi()Z
    GET_ACCOUNTS
        Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/BaseActivity;->isFirstAccount()Z
        Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/AccountIntroActivity;->maybeSkipAccountSetup()Z
        Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
    READ_SYNC_SETTINGS
        Landroid/content/ContentResolver;->getIsSyncable(Landroid/accounts/Account; Ljava/lang/String;)I called from Lcom/google/android/gsf/login/SyncSettingsFragment;->updateListViewData(Landroid/accounts/Account;)V
    CHANGE_COMPONENT_ENABLED_STATE
        Landroid/content/pm/PackageManager;->setApplicationEnabledSetting(Ljava/lang/String; I I)V called from Lcom/google/android/gsf/login/ShowErrorActivity;->onClick(Landroid/view/View;)V
    MANAGE_ACCOUNTS
        Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
        Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteAllAccounts()V
        Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteOneAccount(Ljava/lang/String;)V
    AUTHENTICATE_ACCOUNTS
        Landroid/accounts/AccountManager;->getUserData(Landroid/accounts/Account; Ljava/lang/String;)Ljava/lang/String; called from Lcom/google/android/gsf/loginservice/GoogleLoginService;->accountHasFeatures(Landroid/accounts/AccountManager; Landroid/accounts/Account; [Ljava/lang/String;)Z

Activities
    com.google.android.gsf.login.AccountIntroActivity
    com.google.android.gsf.login.AccountPreIntroUIActivity
    com.google.android.gsf.login.AccountIntroUIActivity
    com.google.android.gsf.login.PlusQueryActivity
    com.google.android.gsf.login.PlusFaqActivity
    com.google.android.gsf.login.NameActivity
    com.google.android.gsf.login.BadNameActivity
    com.google.android.gsf.login.PhotoActivity
    com.google.android.gsf.login.LearnMoreActivity
    com.google.android.gsf.login.WaitForDeviceCountryActivity
    com.google.android.gsf.login.CaptchaActivity
    com.google.android.gsf.login.SetupWirelessIntroActivity
    com.google.android.gsf.login.SetupWirelessActivity
    com.google.android.gsf.login.LoginActivity
    com.google.android.gsf.login.EduLoginActivity
    com.google.android.gsf.login.UsernamePasswordActivity
    com.google.android.gsf.login.PrepareAccountSetupActivity
    com.google.android.gsf.login.LoginActivityTask
    com.google.android.gsf.login.ShowErrorActivity
    com.google.android.gsf.login.SyncIntroActivity
    com.google.android.gsf.login.CreateAccountActivity
    com.google.android.gsf.login.PlusActivity
    com.google.android.gsf.login.PlusCheckTask
    com.google.android.gsf.login.UsernameActivity
    com.google.android.gsf.login.CreateAccountTask
    com.google.android.gsf.login.ProfileTask
    com.google.android.gsf.login.NameCheckTask
    com.google.android.gsf.login.CheckAvailTask
    com.google.android.gsf.login.SuggestUsernameActivity
    com.google.android.gsf.login.VerifyProfileActivity
    com.google.android.gsf.login.ChoosePasswordActivity
    com.google.android.gsf.login.RecoveryIntroActivity
    com.google.android.gsf.login.GetCountryListTask
    com.google.android.gsf.login.RecoveryDataActivity
    com.google.android.gsf.login.AccountSecurityActivity
    com.google.android.gsf.login.PicassaInfoActivity
    com.google.android.gsf.login.GoogleServicesActivity
    com.google.android.gsf.login.TermsOfServiceActivity
    com.google.android.gsf.login.BrowserActivity
    com.google.android.gsf.loginservice.GrantCredentialsPermissionActivity

Services
    com.google.android.gsf.loginservice.GoogleLoginService

Receivers
    com.google.android.gsf.login.DevicePolicyActivatedReceiver

Service-related intent filters
    com.google.android.gsf.loginservice.GoogleLoginService
        actions: android.accounts.AccountAuthenticator, com.google.android.gsf.action.GET_GLS

Activity-related intent filters
    com.google.android.gsf.login.AccountIntroActivity
        actions: com.google.android.accounts.AccountIntro, android.intent.action.MAIN
        categories: android.intent.category.DEFAULT

Receiver-related intent filters
    com.google.android.gsf.login.DevicePolicyActivatedReceiver
        actions: com.google.android.apps.enterprise.dmagent.AUTO_REGISTRATION_FINISHED

Code-related observations
    The application does not load any code dynamically
    The application contains reflection code
    The application does not contain native code
    The application does not contain cryptographic code

Application certificate information
    Issuer
        DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
        C: US
        CN: Android
        L: Mountain View
        O: Google Inc.
        S: California
        OU: Android
    Subject
        DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
        C: US
        CN: Android
        L: Mountain View
        O: Google Inc.
        S: California
        OU: Android

Who should I bring this information to the attention of? Is it pretty much certain that my phone is completely compromised?

           

Answers


While I agree that there's something wrong with your Google apps compatibility, I don't think those apps are compromised.

The Android SDK (Software Development Kit) provides some standard permissions that are listed in its official documentation (and some of the details on Android.SE).

In addition to that, Android allows developers to declare new permissions to be used by other apps. As can be seen, Google does that, for example with Gtalk (com.google.android.gtalkservice.permission.GTALK_SERVICE). It's normal for an app (even more so from the same developer) to use a custom permission for its needs.

Now, the reason why VirusTotal labels them as "unknown permission" is that, I believe, it only checks for standard permissions, which is reasonable since there are no references for all custom permissions defined by other apps. (VirusTotal could probably work together with Google or other trusted companies to store their custom permissions as "known", but that's outside of the context.)

So the conclusion is, "unknown permission" doesn't mean the app is tampered with or compromised. It's just not a standard permission from the Android SDK. In fact, many other apps also use the same permissions to use Google-provided services, such as C2DM (or GCM, Google Cloud Messaging), GMaps, etc., which are not standard Android permissions (and components).
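The namespace distinction this answer describes, as an added example that is not part of the original answer and is not VirusTotal's code: it parses permission entries in the report's format, separates `android.permission.*` names from custom ones, groups the custom ones by namespace, and checks that the "unknown" label falls exactly on the non-platform names. The sample entries are copied from the report in the question; the function names, the prefix test and the grouping heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Entries copied from the "Required permissions" part of the report quoted in
# the question, kept in the flattened one-line form a pasted report ends up in.
SAMPLE = (
    "android.permission.USE_CREDENTIALS (use the authentication credentials of an account) "
    "com.google.android.providers.gsf.permission.READ_GSERVICES (Unknown permission from android reference) "
    "android.permission.INTERNET (full Internet access) "
    "com.google.android.gtalkservice.permission.GTALK_SERVICE (Unknown permission from android reference) "
    "com.google.android.googleapps.permission.GOOGLE_AUTH.mail (Unknown permission from android reference) "
    "com.android.vending.billing.ADD_CREDIT_CARD (Unknown permission from android reference) "
    "android.permission.READ_PROFILE (read the user's personal profile data) "
    "com.google.android.gtalkservice.permission.SEND_HEARTBEAT (Unknown permission from android reference)"
)

UNKNOWN_LABEL = "Unknown permission from android reference"
# Assumption: the android.permission. prefix stands in for "listed in the SDK
# reference". A few documented permissions live in other namespaces.
PLATFORM_PREFIX = "android.permission."

# One entry is a dotted permission name followed by a parenthesised label.
ENTRY = re.compile(r"([A-Za-z_][\w.]*)\s+\(([^()]*)\)")


def parse_permissions(text):
    """Return [(name, label), ...] from a flattened or line-per-entry report."""
    return ENTRY.findall(text)


def namespace_of(name):
    """Grouping heuristic: text before '.permission.', else the name minus its last part."""
    head, sep, _ = name.partition(".permission.")
    return head if sep else name.rsplit(".", 1)[0]


def classify(perms):
    """Split entries into platform permissions and custom ones grouped by namespace."""
    platform, custom = [], defaultdict(list)
    for name, _label in perms:
        if name.startswith(PLATFORM_PREFIX):
            platform.append(name)
        else:
            custom[namespace_of(name)].append(name)
    return platform, dict(custom)


def label_disagreements(perms):
    """Names where the scanner's 'unknown' label and the namespace test disagree."""
    return [
        name for name, label in perms
        if (label == UNKNOWN_LABEL) != (not name.startswith(PLATFORM_PREFIX))
    ]


if __name__ == "__main__":
    perms = parse_permissions(SAMPLE)
    platform, custom = classify(perms)
    print(f"{len(platform)} platform, {sum(map(len, custom.values()))} custom")
    for ns, names in sorted(custom.items()):
        print(f"  {ns}: {', '.join(n[len(ns) + 1:] for n in names)}")
    print("label/namespace disagreements:", label_disagreements(perms) or "none")
```

The namespace a custom permission is grouped under here is only a naming convention; the app that actually declares it is the one whose manifest carries the matching `<permission>` element.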

 
 



Licensed under cc by-sa 3.0 with attribution required.