The release of TaintDroid by http://www.appanalysis.org/ on 9/29/2010 has highlighted the issue of application control in the Android OS.
At this time there is no granular control over what permissions application have.
Application installed by default (OEM) have all the permissions they were programmed with.
Applications installed from the AndroidMarket (or elsewhere) display a notification screen that lists what permissions the application is seeking.
These permissions are ‘all or nothing’. Many users treat this notification screen as the equivalent of a meaningless hassle, and similar to the “click here if you have read and agree to the EULA”.
Clicking install/agree on this notification allows the application all permissions requested, leaving the user without any option; short of un-installing the application.
This is where ComodoDroid comes in.
ComodoDroid for Android 2.2 is an application firewall that stands between the Android OS and the installed applications.
Applications can request the following permissions: http://developer.android.com/reference/android/Manifest.permission.html
ComodoDroid gives users granular control over application permissions.
Example 1; ComodoDroid: ‘Random Wallpaper App’ is requesting to ‘READ_SMS’
| Allow All for Application [Random Wallpaper App] // Deny this Application [Random Wallpaper App]
| or
| Allow [Read_SMS] access // Deny [READ_SMS] access
|
| Remember my response // Ask me again
Example 2; ComodoDroid: [Random Wallpaper App] is requesting “getDeviceId()” {Returns the unique device ID, for example, the IMEI for GSM and the MEID or ESN for CDMA phones.} as part of the READ_PHONE_STATE permission
| Allow…
Example 3; (( from http://appanalysis.org/demo/index.html 00:38 ))
ComodoDroid: Application com.wallpapers is attempting to send data to a remote computer (69.164.x.x)
Data: Phone Number, IMEI, ICCID (SIM Card Id);
Details; uniquely_code=xxxxxxxxxxxxxx&device_info&…
| Allow…
What do you think?
