zlacker

[return to "Everyone knows all the apps on your phone"]
1. captn3+ou[view] [source] 2025-03-30 02:37:34
>>gnitin+(OP)
The ACTION_MAIN loophole has been written about before: https://commonsware.com/blog/2020/04/05/android-r-package-vi...

Google refuses to patch this. I wonder what would happen if you submit it to the Android VDP as a permission bypass.

There’s also this SO question by the author about the bypass: https://stackoverflow.com/q/79527331

◧◩
2. nexle+ax[view] [source] 2025-03-30 03:09:07
>>captn3+ou
Thanks for the link, seems like the loophole is already there since the introduction of the package visibility restriction, and almost everyone and their mother knows how to bypass this restriction.

> Google refuses to patch this

While I don't believe Google engineers are not aware of this widely used loophole, do you have any source that they refused to fix it?

◧◩◪
3. AznHis+cz[view] [source] 2025-03-30 03:30:27
>>nexle+ax
That loophole was published 5 years ago, it hasnt been fixed since.

Do you need someone from Google to explicitly write an official note, notarized, indicating they are refusing to fix it?

◧◩◪◨
4. ignora+LB[view] [source] 2025-03-30 03:57:37
>>AznHis+cz
> refusing to fix it

Google addressed similar isolation concerns (without breaking a tonne of APIs in incompatible ways) with Private Space and Work Profile: https://source.android.com/docs/security/features/private-sp...

[go to top]