8000 Mobile android application: permission riding is possible · Issue #1901 · LiskHQ/lisk-mobile · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Mobile android application: permission riding is possible #1901

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #1368
Balanced02 opened this issue Jul 3, 2023 · 0 comments · Fixed by #1909
Closed
Tracked by #1368

Mobile android application: permission riding is possible #1901

Balanced02 opened this issue Jul 3, 2023 · 0 comments · Fixed by #1909
Assignees
@clemente-xyz
Labels
type: bug type: security
Milestone
Sprint 67

Comments

@Balanced02
Copy link
Contributor

Expected behavior

  • Should only request for permissions that are used by the application
  • Use the data-access-auditing feature

Actual behavior

Users of the mobile application grant permissions to the application, trusting the team to use the permissions only for fair purposes. However, 3rd party dependencies of the mobile application may silently abuse privileges granted to the mobile to perform malicious operations. To prevent 3rd party dependencies from such permissions riding attacks, Android introduced the Data access auditing feature. The feature enables developers to monitor and limit usage of permissions by an application’s dependencies.

Steps to reproduce

Which version(s) does this affect? (Environment, OS, etc...)

  • Android
@sridharmeganathan sridharmeganathan added this to the Sprint 67 milestone Jul 3, 2023
@clemente-xyz clemente-xyz self-assigned this Jul 4, 2023
@clemente-xyz clemente-xyz moved this to In Progress in Lisk Mobile Version 3.0.0 Jul 4, 2023
@clemente-xyz clemente-xyz mentioned this issue Jul 4, 2023
Merged
1 task
8000
@sridharmeganathan sridharmeganathan mentioned this issue Jul 4, 2023
Closed
97 tasks
@clemente-xyz clemente-xyz moved this from In Progress to Pending Review in Lisk Mobile Version 3.0.0 Jul 6, 2023
@clemente-xyz clemente-xyz moved this from Pending Review to Done in Lisk Mobile Version 3.0.0 Jul 6, 2023
@ManuGowda ManuGowda changed the title Android does not implement Data access auditing Mobile android application: permission riding is possible Jul 20, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@clemente-xyz clemente-xyz

Labels
type: bug type: security
Projects
No open projects
Lisk Mobile Version 3.0.0
Status: Done
Milestone
Sprint 67
Development

Successfully merging a pull request may close this issue.

Implement data access audit for Android app LiskHQ/lisk-mobile
3 participants
@clemente-xyz @Balanced02 @sridharmeganathan
0