Unknown Permissions on VirusTotal analysis -- a question on Android, tagged stock-android, google-account, permissions and system-apps

Unknown Permissions on VirusTotal analysis












I have noticed unusual and unwanted behavior from a few of my system apps, most notably Google Play Services, Google Account Manager, and Google Services Framework. These apps cause force closes of their own operations as well as those of other apps, and they seem to have the capability to take over the functionality of my phone completely at times.

So, I used the virustotal.com tool to analyze the permissions of these apps to determine whether they have the right capabilities built into them for the version that came pre-installed on the phone. Each of these apps returned between 10 and 20 additional permissions that they were not designed to have, suggesting that they have been tampered with.

My phone is not rooted or modified in any way and I have had it for less than a year. These additional permissions were labeled:

(Unknown permission from android reference)

designating these specific permissions as not being native to these apps. Some of these permissions are specifically designed for transmission and communication of data via C2DM and Gtalk to other devices, as well as exposure of saved account details including passwords. This leads me to conclude that sensitive personal information has been leaked to third parties. Here is the output for Google Account Manager as an example:

VirusTotal
SHA256: 602db0ceb05877fb6996fd2a3510721d0e32463a6e784ba5cc60ae1f71bb3226
File name: GoogleLoginService.apk
Detection ratio: 0 / 53
Analysis date: 2014-07-20 19:04:51 UTC ( 9 months, 1 week ago )

The file being studied is Android related! APK Android file more specifically.
The application's main package name is
The internal version number of the application is 19.
The displayed version string of the application is 4.4.4-1215936.
The minimum Android API level for the application to run (MinSDKVersion) is 8.
The target Android API level for the application to run (TargetSDKVersion) is 17.

Risk summary
  The studied DEX file makes use of API reflection
  Permissions that allow the application to access Internet
  Permissions that allow the application to access private information
  Other permissions that could be considered as dangerous in certain scenarios

Required permissions
  android.permission.CHANGE_NETWORK_STATE (change network connectivity)
  android.permission.READ_SYNC_SETTINGS (read sync settings)
  (Unknown permission from android reference)
  android.permission.USE_CREDENTIALS (use the authentication credentials of an account)
  android.permission.DUMP (retrieve system internal status)
  android.permission.READ_LOGS (read sensitive log data)
  android.permission.WRITE_PROFILE (write the user's personal profile data)
  android.permission.CHANGE_COMPONENT_ENABLED_STATE (enable or disable application components)
  android.permission.READ_SYNC_STATS (read sync statistics)
  android.permission.RECEIVE_BOOT_COMPLETED (automatically start at boot)
  android.permission.INTERNET (full Internet access)
  (Unknown permission from android reference)
  android.permission.BACKUP (control system back up and restore)
  (Unknown permission from android reference)
  android.permission.SUBSCRIBED_FEEDS_READ (read subscribed feeds)
  android.permission.MANAGE_ACCOUNTS (manage the accounts list)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  android.permission.PERSISTENT_ACTIVITY (make application always run)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  android.permission.ACCESS_NETWORK_STATE (view network status)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  android.permission.WRITE_CONTACTS (write contact data)
  android.permission.WRITE_SYNC_SETTINGS (write sync settings)
  android.permission.AUTHENTICATE_ACCOUNTS (act as an account authenticator)
  android.permission.BROADCAST_STICKY (send sticky broadcast)
  (Unknown permission from android reference)
  android.permission.WRITE_SETTINGS (modify global system settings)
  android.permission.READ_PHONE_STATE (read phone state and identity)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  (Unknown permission from android reference)
  android.permission.VIBRATE (control vibrator)
  (Unknown permission from android reference)
  android.permission.SUBSCRIBED_FEEDS_WRITE (write subscribed feeds)
  android.permission.ACCESS_WIFI_STATE (view Wi-Fi status)
  (Unknown permission from android reference)
  android.permission.WAKE_LOCK (prevent phone from sleeping)
  android.permission.CHANGE_WIFI_STATE (change Wi-Fi status)
  android.permission.READ_CONTACTS (read contact data)
  (Unknown permission from android reference)
  android.permission.READ_PROFILE (read the user's personal profile data)
  (Unknown permission from android reference)
  android.permission.GET_ACCOUNTS (discover known accounts)

Permission-related API calls
  ACCESS_NETWORK_STATE
    Landroid/net/ConnectivityManager;->getActiveNetworkInfo()Landroid/net/NetworkInfo; called from Lcom/google/android/gsf/loginservice/BaseActivity;->hasNetworkConnection()Z
  READ_PHONE_STATE
    Landroid/telephony/TelephonyManager;->getLine1Number()Ljava/lang/String; called from Lcom/google/android/gsf/login/RecoveryDataActivity;->initViews(Landroid/os/Bundle;)V
  USE_CREDENTIALS
    Landroid/accounts/AccountManager;->invalidateAuthToken(Ljava/lang/String; Ljava/lang/String;)V called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->invalidateAuthToken(Ljava/lang/String;)V
  INTERNET
    Ljava/net/ServerSocket;-><init>(I)V called from Lcom/google/android/common/http/TestHttpServer;-><init>(I)V
    Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/common/GoogleWebContentHelper;->initializeViews()V
    Landroid/webkit/WebView;-><init>(Landroid/content/Context;)V called from Lcom/google/android/gsf/login/CustomWebView;-><init>(Landroid/content/Context;)V
  VIBRATE
    Landroid/app/NotificationManager;->notify(I Landroid/app/Notification;)V called from Lcom/google/android/gms/auth/GoogleAuthUtil;->a(Landroid/content/Context; Ljava/lang/String; Ljava/lang/String; Landroid/os/Bundle;)Ljava/lang/String;
  ACCESS_WIFI_STATE
    Landroid/net/wifi/WifiManager;->getWifiState()I called from Lcom/google/android/gsf/login/SetupWirelessActivity;->tryEnablingWifi()Z
  GET_ACCOUNTS
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/BaseActivity;->isFirstAccount()Z
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/AccountIntroActivity;->maybeSkipAccountSetup()Z
    Landroid/accounts/AccountManager;->getAccountsByType(Ljava/lang/String;)[Landroid/accounts/Account; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
  READ_SYNC_SETTINGS
    Landroid/content/ContentResolver;->getIsSyncable(Landroid/accounts/Account; Ljava/lang/String;)I called from Lcom/google/android/gsf/login/SyncSettingsFragment;->updateListViewData(Landroid/accounts/Account;)V
  CHANGE_COMPONENT_ENABLED_STATE
    Landroid/content/pm/PackageManager;->setApplicationEnabledSetting(Ljava/lang/String; I I)V called from Lcom/google/android/gsf/login/ShowErrorActivity;->onClick(Landroid/view/View;)V
  MANAGE_ACCOUNTS
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/login/EduLoginActivity;->removeAnyNewAccounts()V
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteAllAccounts()V
    Landroid/accounts/AccountManager;->removeAccount(Landroid/accounts/Account; Landroid/accounts/AccountManagerCallback; Landroid/os/Handler;)Landroid/accounts/AccountManagerFuture; called from Lcom/google/android/gsf/loginservice/GoogleLoginService$GlsImplementation;->deleteOneAccount(Ljava/lang/String;)V
  AUTHENTICATE_ACCOUNTS
    Landroid/accounts/AccountManager;->getUserData(Landroid/accounts/Account; Ljava/lang/String;)Ljava/lang/String; called from Lcom/google/android/gsf/loginservice/GoogleLoginService;->accountHasFeatures(Landroid/accounts/AccountManager; Landroid/accounts/Account; [Ljava/lang/String;)Z

Activities
Services
Receivers

Service-related intent filters
  actions: android.accounts.AccountAuthenticator
Activity-related intent filters
  actions: android.intent.action.MAIN
  categories: android.intent.category.DEFAULT
Receiver-related intent filters
  actions:

Code-related observations
  The application does not load any code dynamically
  The application contains reflection code
  The application does not contain native code
  The application does not contain cryptographic code

Application certificate information
  Issuer
    DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
    C: US  CN: Android  L: Mountain View  O: Google Inc.  S: California  OU: Android
  Subject
    DN: C=US, ST=California, L=Mountain View, O=Google Inc., OU=Android, CN=Android
    C: US  CN: Android  L: Mountain View  O: Google Inc.  S: California  OU: Android

Whose attention should I bring this information to? Is it pretty much certain that my phone is completely compromised?






While I agree that there's something wrong with your Google apps compatibility, I don't think those apps are compromised.

Android SDK (Software Development Kit) provides some standard permissions that are listed on its official documentation (and some of the details on Android.SE).

In addition to that, Android allows developers to declare new permissions to be used by other apps. As can be seen, Google does that, the Gtalk permissions being one example. It's normal for an app (even more so one from the same developer) to use such a custom permission for its needs.

Now, the reason why VirusTotal labels them as "unknown permission" is, I believe, that it only checks for standard permissions, which is reasonable since there is no reference for all the custom permissions defined by other apps. (VirusTotal could probably work together with Google or other trusted companies to store their custom permissions as "known", but that's outside the context.)

So the conclusion is: "unknown permission" doesn't mean the app is tampered with or compromised. It's just not a standard permission from the Android SDK. In fact, many other apps also use the same permissions to use Google-provided services, such as C2DM (or GCM, Google Cloud Messaging), GMaps, etc., which are not standard Android permissions (or components).
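To make the answer's point concrete, here is an added example (not code from the question, the answer, or VirusTotal) that buckets an APK's requested permissions the way a reviewer would: anything under android.permission.* is a standard SDK permission, anything else is a custom permission, and for a custom one the useful follow-up is which installed package declares it, not a tampering alarm. It assumes the text form printed by `aapt dump permissions` and uses a constructed declarer map; the sample package name is a placeholder.

```python
"""Classify uses-permission entries: custom != tampered, it just has another declarer."""
from __future__ import annotations
import re

STANDARD_NAMESPACE = "android.permission."

# Constructed sample map: custom permission -> package that declares it.
# On a device this is built from `adb shell pm list permissions -f` output.
DECLARED_BY = {
    "com.google.android.c2dm.permission.RECEIVE": "com.google.android.gsf",
    "com.google.android.providers.gsf.permission.READ_GSERVICES": "com.google.android.gsf",
}

# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
USES_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)'?")


def parse_permissions(aapt_dump: str) -> list[str]:
    """Return the permission names requested in `aapt dump permissions` output."""
    names = []
    for line in aapt_dump.splitlines():
        m = USES_RE.match(line.strip())
        if m:
            names.append(m.group(1))
    return names


def classify(aapt_dump: str) -> dict[str, list[str]]:
    """Bucket permissions: standard SDK, custom with a known declarer, or unresolved."""
    buckets: dict[str, list[str]] = {"standard": [], "custom": [], "unresolved": []}
    for name in parse_permissions(aapt_dump):
        if name.startswith(STANDARD_NAMESPACE):
            buckets["standard"].append(name)
        elif name in DECLARED_BY:
            buckets["custom"].append(f"{name} (declared by {DECLARED_BY[name]})")
        else:
            # Not evidence of tampering by itself; resolve the declaring package next.
            buckets["unresolved"].append(name)
    return buckets


# Constructed sample input; not the real aapt output for the APK in the question.
SAMPLE = """package: com.example.loginservice
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.GET_ACCOUNTS'
uses-permission: name='com.google.android.c2dm.permission.RECEIVE'
uses-permission: com.google.android.providers.gsf.permission.READ_GSERVICES
uses-permission: name='com.example.other.permission.CUSTOM'
"""

if __name__ == "__main__":
    for bucket, names in classify(SAMPLE).items():
        print(bucket, names)
```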


