Jump to content


Photo

Mobile Security Permissions


  • This topic is locked This topic is locked
No replies to this topic

#1 Daniel.M

Daniel.M

    Poster

  • Moderators
  • Pip
  • 87 posts

Posted 03 September 2012 - 03:19 PM

Below you will find a full list of permissions Bitdefender Mobile Security requires.


General Mobile Security permissions : the following permission are used across multiple modules and are explained in-line :
  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services ; licensing ; Web-Security ; Malware Scanner
  • android.permission.GET_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.MANAGE_ACCOUNTS -> used if the user wants to log-in using his Google Account
  • android.permission.USE_CREDENTIALS -> used if the user wants to log-in using his Google Account
  • com.android.vending.BILLING -> used for In-app-purchase ; the user must have the latest version of Google Play Store on his device
  • com.google.android.c2dm.permission.RECEIVE / com.google.android.c2dm.permission.SEND / com.google.android.c2dm.intent.REGISTRATION-> used for Anti-theft functionality over web-console
  • android.permission.RECEIVE_BOOT_COMPLETED -> used for keeping services running after boot


Web Security : in order to provide WebSecurity the following permissions are required :
  • com.android.browser.permission.READ_HISTORY_BOOKMARKS
  • com.android.browser.permission.WRITE_HISTORY_BOOKMARKS


Anti-Theft :
General Anti-thef permissions - the following permissions are used in all anti-theft functions and are explained in-line
  • android.permission.WAKE_LOCK -> used when receiving commands from web-console in order to interpret the command at the time it's received
  • android.permission.INTERNET -> used when communicating with Bitdefender web-services
  • android.permission.BIND_DEVICE_ADMIN -> required for all anti-thef modules except GeoLocation


The anti-thef module requires some permissions that might seem intrusive , so to shed a clear light on why they are necessary we'll break them down below.

Web Control
  1. Geolocate : the permissions requested bellow are necessary to get the best possible location
    • android.permission.ACCESS_LOCATION_EXTRA_COMMANDS
    • android.permission.ACCESS_NETWORK_STATE
    • android.permission.ACCESS_WIFI_STATE
    • android.permission.ACCESS_COARSE_LOCATION
    • android.permission.ACCESS_FINE_LOCATION
  2. Remote lock :
    • android.app.action.ACTION_PASSWORD_SUCCEEDED
    • android.permission.BIND_DEVICE_ADMIN
  3. Remote Wipe : only requires device admin to be enabled



SMS Control
  1. SMS Commands : Mobile Security now supports SMS commands. This along brings the need for us to request permissions for reading / writing SMS's. The flow is as follows : Mobile Security has to read a SMS that was received -> parse it in order to identify if it's a legitimate command -> take action according to the command received -> and respond back to the number which issued the command.

  • android.permission.READ_SMS
  • android.permission.WRITE_SMS
  • android.permission.RECEIVE_SMS
  • android.permission.SEND_SMS
  • android.permission.READ_PHONE_STATE
  • android.permission.READ_CONTACTS - > required to access phone contacts when selecting buddy number
  • android.permission.CALL_PHONE -> required when issuing callme command
  • android.permission.BLUETOOTH / android.permission.MODIFY_AUDIO_SETTINGS -> required when issuing answer command
  • android.permission.SYSTEM_ALERT_WINDOW -> required for PIN protection






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users