Google Play hides app permission changes in automatic updates

by
Anonymous Coward
in google on (#3EB)
Google has changed how new app permissions are applied when updating Google Play apps. Previously, automatically updated apps displayed explicit details and required user confirmation when a new version gained additional privileges. Google Play no longer displays the addition of new privileges if a user has previously accepted any other permission in the same category as the new permission. This makes it possible for an app to sneak in permission changes without the user realising making the Android platform less secure.

History


Deprecated: mb_convert_encoding(): Handling HTML entities via mbstring is deprecated; use htmlspecialchars, htmlentities, or mb_encode_numericentity/mb_decode_numericentity instead in /var/pipedot/include/diff.php on line 25

Deprecated: Creation of dynamic property FineDiff::$granularityStack is deprecated in /var/pipedot/lib/finediff/finediff.php on line 217

Deprecated: Creation of dynamic property FineDiff::$edits is deprecated in /var/pipedot/lib/finediff/finediff.php on line 218

Deprecated: Creation of dynamic property FineDiff::$from_text is deprecated in /var/pipedot/lib/finediff/finediff.php on line 219

Deprecated: Creation of dynamic property FineDiff::$last_edit is deprecated in /var/pipedot/lib/finediff/finediff.php on line 372

Deprecated: Creation of dynamic property FineDiff::$stackpointer is deprecated in /var/pipedot/lib/finediff/finediff.php on line 373

Deprecated: Creation of dynamic property FineDiff::$from_offset is deprecated in /var/pipedot/lib/finediff/finediff.php on line 375

Deprecated: Creation of dynamic property FineDiffCopyOp::$len is deprecated in /var/pipedot/lib/finediff/finediff.php on line 155
2014-08-10 21:03
Google Play hides app permission changes in automatic updates
zafiro17@pipedot.org
Google has changed how new app permissions are applied when updating Google Play apps. Previously, automatically updated apps displayed explicit details and required user confirmation when a new version gained additional privileges. Google Play no longer displays the addition of new privileges if a user has previously accepted any other permission in the same category as the new permission. This makes it possible for an app to sneak in permission changes without the user realising making the Android platform less secure.
Reply 1 comments

Reddit user found vunerability in google play permission hiding change (Score: 0)

by Anonymous Coward on 2014-08-10 13:24 (#2SF)

Reddit user iamtubbeman initially discovered that these groups combine low-level permissions with higher permissions that could be used for more nefarious purposes. For example, an app that can receive an SMS could silently be updated to also send SMS, costing the user money. Likewise, an app that previously used Wi-Fi to find a user's general location, could acquire GPS access to see the user's precise location.