This article seems to be saying that’s it’s not only possible, it’s being actively (and I would assume widely) exploited on current versions of Android. Google is supposed to catch any abuses of listed exceptions, but they are either missing a bunch or letting them intentionally slide through. Either way, apps being able to see other apps is a big security risk that IMO only the user should be able to explicitly allow, and on a case-by-case basis.
Yeah, meaning all newer phones past Android 11 shouldn’t have this issue, but they do because of a workaround by shady companies that Google is either not aware of or not addressing. This issue isn’t limited to older phones – quite the opposite.
Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.
Be very wary of what apps you install, and in fact, try to only use FOSS.
People need to stop touting FOSS as more secure. More auditable, sure. But there are many, many examples of FOSS applications being insecure or abusive.
The bottom line is just “be wary of what apps you install period.”
Sure, but I didn’t mean to say that FOSS couldn’t be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it’s more difficult for it to be hidden.
*if you have an older Android phone.
What do you mean? The article is talking about current versions of Android.
deleted by creator
This article seems to be saying that’s it’s not only possible, it’s being actively (and I would assume widely) exploited on current versions of Android. Google is supposed to catch any abuses of listed exceptions, but they are either missing a bunch or letting them intentionally slide through. Either way, apps being able to see other apps is a big security risk that IMO only the user should be able to explicitly allow, and on a case-by-case basis.
Yeah, meaning all newer phones past Android 11 shouldn’t have this issue, but they do because of a workaround by shady companies that Google is either not aware of or not addressing. This issue isn’t limited to older phones – quite the opposite.
Apologies, I deleted my comment instead of editing it, but I meant to add that even with the shady workaround, if you have sandboxing it likely greatly reduces this risk.
Be very wary of what apps you install, and in fact, try to only use FOSS.
People need to stop touting FOSS as more secure. More auditable, sure. But there are many, many examples of FOSS applications being insecure or abusive.
The bottom line is just “be wary of what apps you install period.”
Sure, but I didn’t mean to say that FOSS couldn’t be insecure. Software itself can obviously be insecure, like we saw with xz. At least with FOSS though, it’s more difficult for it to be hidden.
The second half of the article talks about how the apps get around this permission requirement.