undefined | Better HN

0 pointsgruez1y ago0 comments

It's a preloaded app with possibly privileged permissions (ie. permissions that apps you install normally can't get), so it's possibly worse than what you can normally achieve via physical access. I checked the iVerify report[1], and it doesn't look like such permissions exist, but I'd appreciate more elaboration about the actual vulnerability from grapheneos's debunking post, rather than spending half the article ranting about how various entities are bad.

[1] https://40052983.fs1.hubspotusercontent-na1.net/hubfs/400529...

0 comments

hiatus1y ago

Even if it has more permissions than a normal app, if you have the password and unrestricted local access to the phone you can already put it in debugging mode and connect to it via adb.

gruezOP1y ago

Permissions with protectionLevel of "signature|privileged" can't be granted with adb, so having such an app installed would give you more access than you can get via adb.

https://developer.android.com/reference/android/R.attr#prote...

hiatus1y ago

Thank you, I did not know that.

j / k navigate · click thread line to collapse

0 comments

hiatus1y ago

Even if it has more permissions than a normal app, if you have the password and unrestricted local access to the phone you can already put it in debugging mode and connect to it via adb.

gruezOP1y ago

Permissions with protectionLevel of "signature|privileged" can't be granted with adb, so having such an app installed would give you more access than you can get via adb.

https://developer.android.com/reference/android/R.attr#prote...

hiatus1y ago

Thank you, I did not know that.

j / k navigate · click thread line to collapse