Sign in to follow this  
Followers 0
zeus.bd

Mobile Security Permissions

1 post in this topic

Below you will find a full list of permissions Bitdefender Mobile Security requires.

General Mobile Security permissions : the following permission are used across multiple modules and are explained in-line :

  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services ; licensing ; Web-Security ; Malware Scanner
  • android.permission.GET_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.MANAGE_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.USE_CREDENTIALS -> used if the user wants to log-in using his Google Account
  • com.android.vending.BILLING -> used for In-app-purchase ; the user must have the latest version of Google Play Store on his device
  • com.google.android.c2dm.permission.RECEIVE / com.google.android.c2dm.permission.SEND / com.google.android.c2dm.intent.REGISTRATION-> used for Anti-theft functionality over web-console
  • android.permission.RECEIVE_BOOT_COMPLETED -> used for keeping services running after boot

Web Security : in order to provide WebSecurity the following permissions are required :

  • com.android.browser.permission.READ_HISTORY_BOOKMARKS
  • com.android.browser.permission.WRITE_HISTORY_BOOKMARKS

Anti-Theft :

General Anti-thef permissions - the following permissions are used in all anti-theft functions and are explained in-line

  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services
  • android.permission.BIND_DEVICE_ADMIN -> required for all anti-thef modules except GeoLocation

The anti-thef module requires some permissions that might seem intrusive , so to shed a clear light on why they are necessary we'll break them down below.

Web Control

  1. Geolocate : the permissions requested bellow are necessary to get the best possible location

    • android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
    • android.permission.ACCESS_NETWORK_STATE
    • android.permission.ACCESS_WIFI_STATE
    • android.permission.ACCESS_COARSE_LOCATION
    • android.permission.ACCESS_FINE_LOCATION
  2. Remote lock :

    • android.app.action.ACTION_PASSWORD_SUCCEEDED
    • android.permission.BIND_DEVICE_ADMIN
  3. Remote Wipe : only requires device admin to be enabled

SMS Control

  1. SMS Commands : Mobile Security now supports SMS commands. This along brings the need for us to request permissions for reading / writing SMS's. The flow is as follows : Mobile Security has to read a SMS that was received -> parse it in order to identify if it's a legitimate command -> take action according to the command received -> and respond back to the number which issued the command.

  • android.permission.READ_SMS
  • android.permission.WRITE_SMS
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_CONTACTS - > required to access phone contacts when selecting buddy number
  • android.permission.CALL_PHONE -> required when issuing callme command
  • android.permission.BLUETOOTH / android.permission.MODIFY_AUDIO_SETTINGS -> required when issuing answer command
  • android.permission.SYSTEM_ALERT_WINDOW -> required for PIN protection

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0