Pipe 3EB Google Play hides app permission changes in automatic updates

Google Play hides app permission changes in automatic updates

by
Anonymous Coward
in google on (#3EB)
Google has changed how new app permissions are applied when updating Google Play apps. Previously, automatically updated apps displayed explicit details and required user confirmation when a new version gained additional privileges. Google Play no longer displays the addition of new privileges if a user has previously accepted any other permission in the same category as the new permission. This makes it possible for an app to sneak in permission changes without the user realising making the Android platform less secure.

History

2014-08-10 21:03
Google Play hides app permission changes in automatic updates
zafiro17@pipedot.org
Google has changed how new app permissions are applied when updating Google Play apps. Previously, automatically updated apps displayed explicit details and required user confirmation when a new version gained additional privileges. Google Play no longer displays the addition of new privileges if a user has previously accepted any other permission in the same category as the new permission. This makes it possible for an app to sneak in permission changes without the user realising making the Android platform less secure.
Reply 1 comments

Reddit user found vunerability in google play permission hiding change (Score: 0)

by Anonymous Coward on 2014-08-10 13:24 (#2SF)

Reddit user iamtubbeman initially discovered that these groups combine low-level permissions with higher permissions that could be used for more nefarious purposes. For example, an app that can receive an SMS could silently be updated to also send SMS, costing the user money. Likewise, an app that previously used Wi-Fi to find a user’s general location, could acquire GPS access to see the user’s precise location.