
Unknown Permissions on VirusTotal analysis












I have noticed unusual and unwanted behavior from a few of my system apps, most notably Google Play Services, Google Account Manager, and Google Services Framework. These apps cause force closes on their own operations as well as those of other apps; they seem to have the capability to take over functionality of my phone completely at times.

So, I used the tool to analyze permissions on these apps to determine if they are present with the right capabilities built into them for the version that came pre-installed on the phone. For each of these apps, they returned between 10-20 additional permissions each that they were not designed to have, suggesting that they have been tampered with.

My phone is not rooted or modified in any way and I have had it for less than a year. These additional permissions were labeled:

(Unknown permission from android reference)

designating these specific permissions as not being native to these apps. Some of these permissions are specifically designed for transmission and communication of data via C2DM and Gtalk to other devices, as well as exposure of saved account details including passwords. This leads me to conclude that sensitive personal information has been leaked to third parties. Here is the output for Google Account Manager as an example:

VirusTotal

SHA256: 602db0ceb05877fb6996fd2a3510721d0e32463a6e784ba5cc60ae1f71bb3226
File name: GoogleLoginService.apk
Detection ratio: 0 / 53
Analysis date: 2014-07-20 19:04:51 UTC ( 9 months, 1 week ago )

The file being studied is Android related! APK Android file more specifically.
The application's main package name is
The internal version number of the application is 19.
The displayed version string of the application is 4.4.4-1215936.
The minimum Android API level for the application to run (MinSDKVersion) is 8.
The target Android API level for the application to run (TargetSDKVersion) is 17.

Risk summary
The studied DEX file makes use of API reflection
Permissions that allow the application to access Internet
Permissions that allow the application to access private information
Other permissions that could be considered as dangerous in certain scenarios

Required permissions
android.permission.CHANGE_NETWORK_STATE (change network connectivity)
android.permission.READ_SYNC_SETTINGS (read sync settings)
(Unknown permission from android reference)
android.permission.USE_CREDENTIALS (use the authentication credentials of an account)
android.permission.DUMP (retrieve system internal status)
android.permission.READ_LOGS (read sensitive log data)
android.permission.WRITE_PROFILE (write the user's personal profile data)
android.permission.CHANGE_COMPONENT_ENABLED_STATE (enable or disable application components)
android.permission.READ_SYNC_STATS (read sync statistics)
android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
android.permission.INTERNET (full Internet access)
(Unknown permission from android reference)
android.permission.BACKUP (control system back up and restore)
(Unknown permission from android reference)
android.permission.SUBSCRIBED_FEEDS_READ (read subscribed feeds)
android.permission.MANAGE_ACCOUNTS (manage the accounts list)
(Unknown permission from android reference)
(Unknown permission from android reference)
(Unknown permission from android reference)
android.permission.PERSISTENT_ACTIVITY (make application always run)
(Unknown permission from android reference)
(Unknown permission from android reference)
android.permission.ACCESS_NETWORK_STATE (view network status)
(Unknown permission from android reference)
(Unknown permission from android reference)
(Unknown permission from android reference)
android.permission.WRITE_CONTACTS (write contact data)
android.permission.WRITE_SYNC_SETTINGS (write sync settings)
android.permission.AUTHENTICATE_ACCOUNTS (act as an account authenticator)
android.permission.BROADCAST_STICKY (send sticky broadcast)
(Unknown permission from android reference)
android.permission.WRITE_SETTINGS (modify global system settings)
android.permission.READ_PHONE_STATE (read phone state and identity)
(Unknown permission from android reference)
(Unknown permission from android reference)
(Unknown permission from android reference)
(Unknown permission from android reference)
(Unknown permission from android reference)
android.permission.VIBRATE (control vibrator)
(Unknown permission from android reference)
android.permission.SUBSCRIBED_FEEDS_WRITE (write subscribed feeds)
android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
(Unknown permission from android reference)
android.permission.WAKE_LOCK (prevent phone from sleeping)
android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
android.permission.READ_CONTACTS (read contact data)
(Unknown permission from android reference)
android.permission.READ_PROFILE (read the user's personal profile data)
(Unknown permission from android reference)
android.permission.GET_ACCOUNTS (discover known accounts)

Permission-related API calls
ACCESS_NETWORK_STATE
    Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo; called from Lcom/google/android/gsf/loginservice/BaseActivity;->hasNetworkConnection()Z
READ_PHONE_STATE
    Landroid/telephony/TelephonyManager;->getLine1Number()Ljava/lang/String; called from Lcom/google/android/gsf/login/RecoveryDataActivity;->initViews(Landroid/os/Bundle;)V
USE_CREDENTIALS
    Landroid/accounts/AccountManager;->invalidateAuthToken(Ljava/lang/String; Ljava/lang/String;)V called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->invalidateAuthToken(Ljava/lang/String;)V
INTERNET
    Ljava/net/ServerSocket;-><init>(I)V called from Lcom/google/android/common/http/TestHttpServer;-><init>(I)V
    Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/common/GoogleWebContentHelper;->initializeViews()V
    Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/gsf/login/CustomWebView;-><init>(Landroid/content/Context;)V
VIBRATE
    Landroid/app/NotificationManager;->notify(I Landroid/app/Notification;)V called from Lcom/google/android/gms/auth/GoogleAuthUtil;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Landroid/os/Bundle;)Ljava/lang/String;
ACCESS_WIFI_STATE
    Landroid/net/wifi/WifiManager;->getWifiState()I called from Lcom/google/android/gsf/login/SetupWirelessActivity;->tryEnablingWifi()Z
GET_ACCOUNTS
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/BaseActivity;->isFirstAccount()Z
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/AccountIntroActivity;->maybeSkipAccountSetup()Z
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
READ_SYNC_SETTINGS
    Landroid/content/ContentResolver;->getIsSyncable(Landroid/accounts/Account; Ljava/lang/String;)I called from Lcom/google/android/gsf/login/SyncSettingsFragment;->updateListViewData(Landroid/accounts/Account;)V
CHANGE_COMPONENT_ENABLED_STATE
    Landroid/content/pm/PackageManager;->setApplicationEnabledSetting(Ljava/lang/String; I I)V called from Lcom/google/android/gsf/login/ShowErrorActivity;->onClick(Landroid/view/View;)V
MANAGE_ACCOUNTS
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteAllAccounts()V
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteOneAccount(Ljava/lang/String;)V
AUTHENTICATE_ACCOUNTS
    Landroid/accounts/AccountManager;->getUserData(Landroid/accounts/Account; Ljava/lang/String;)Ljava/lang/String; called from Lcom/google/android/gsf/loginservice/GoogleLoginService;->accountHasFeatures(Landroid/accounts/AccountManager; Landroid/accounts/Account; [Ljava/lang/String;)Z

Activities
Services
Receivers
Service-related intent filters
    actions: android.accounts.AccountAuthenticator,
Activity-related intent filters
    actions:, android.intent.action.MAIN
    categories: android.intent.category.DEFAULT
Receiver-related intent filters
    actions:

Code-related observations
The application does not load any code dynamically
The application contains reflection code
The application does not contain native code
The application does not contain cryptographic code

Application certificate information
Issuer
    DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
    C: US
    CN: Android
    L: Mountain View
    O: Google Inc.
    S: California
    OU: Android
Subject
    DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
    C: US
    CN: Android
    L: Mountain View
    O: Google Inc.
    S: California
    OU: Android

Who should I bring this information to the attention of? Is it pretty much certain that my phone is completely compromised?







While I agree that there's something wrong with your Google apps compatibility, I don't think those apps are compromised.

Android SDK (Software Development Kit) provides some standard permissions that are listed on its official documentation (and some of the details on Android.SE).

In addition to that, Android allows its developers to declare new permissions to be used by other apps. As can be seen, Google does that, with Gtalk as an example. It's normal for an app (even more so, one from the same developer) to use the custom permission for its needs.

Now, the reason why VirusTotal labels them as "unknown permission" is because, I believe, it only checks for standard permissions, which is reasonable since there are no references for all custom permissions defined by other apps. (VirusTotal could probably work together with Google or other trusted companies to store their custom permissions as "known", but it's outside of the context).

So the conclusion is, "unknown permission" doesn't mean the app is tampered/compromised. It's just not a standard permission from the Android SDK. In fact, many other apps also use the same permissions to use Google-provided services, such as C2DM (or GCM, Google Cloud Messaging), GMaps, etc., which are not standard Android permissions (and components).
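
The lookup described in the answer, as an added example that is not part of the original question or answer and is not VirusTotal's code: it reads the `<uses-permission>` and `<permission>` entries of a decoded manifest and separates names found in a platform reference list from custom ones. The manifest, the `com.example.mail` package and the function names are constructed for illustration, and the reference set is only an excerpt.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Excerpt of the platform permission reference; every name here appears in
# the report above. A real checker would load the complete SDK list.
PLATFORM_REFERENCE = {
    "android.permission.INTERNET",
    "android.permission.GET_ACCOUNTS",
    "android.permission.USE_CREDENTIALS",
    "android.permission.READ_CONTACTS",
}

# Constructed sample manifest (not taken from GoogleLoginService.apk).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.mail">
  <permission android:name="com.example.mail.permission.READ_MAIL"
              android:protectionLevel="signature" />
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.GET_ACCOUNTS" />
  <uses-permission android:name="com.example.mail.permission.READ_MAIL" />
  <uses-permission android:name="com.google.android.c2dm.permission.RECEIVE" />
</manifest>
"""


def classify_permissions(manifest_xml, reference=PLATFORM_REFERENCE):
    """Split requested permissions into reference-listed and custom ones."""
    root = ET.fromstring(manifest_xml.strip())
    # Custom permissions this package itself defines, with protection level.
    declared = {
        p.get(ANDROID + "name"): p.get(ANDROID + "protectionLevel", "normal")
        for p in root.iter("permission")
    }
    report = {"listed": [], "declared_here": {}, "declared_elsewhere": []}
    for use in root.iter("uses-permission"):
        name = use.get(ANDROID + "name")
        if name in reference:
            report["listed"].append(name)
        elif name in declared:
            report["declared_here"][name] = declared[name]
        else:
            # Defined by another package; resolve on the device to see whose.
            report["declared_elsewhere"].append(name)
    return report


def unknown_to_scanner(report):
    """Names a reference-only lookup would label as unknown."""
    return sorted(list(report["declared_here"]) + report["declared_elsewhere"])


if __name__ == "__main__":
    result = classify_permissions(SAMPLE_MANIFEST)
    for name in unknown_to_scanner(result):
        print("not in reference:", name)
```

A name landing in `declared_elsewhere` only means another package defines it; which package that is, and which certificate signed it, is what separates a vendor's custom permission from an unexpected one.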




Licensed under cc by-sa 3.0 with attribution required.