* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Tuesday, July 29, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

    Micro wrestling coming to NE Ohio – Cleveland.com

    Get Ready, NE Ohio: Micro Wrestling Is Making Its Exciting Debut!

    League City seeking proposals for 53-acre entertainment district on sportsplex land – galvnews.com

    League City Invites Proposals to Transform 53-Acre Sportsplex into Vibrant Entertainment District

    Top 5 entertainment news: Sandeep Reddy Vanga regrets trimming Animal’s runtime by 7-8 minutes, Akshay Ku – Times of India

    Top 5 Entertainment Highlights: Sandeep Reddy Vanga Reveals Why He Trimmed Animal’s Runtime by 7-8 Minutes, Plus Akshay Ku Updates

    Cote de Pablo reveals how Michael Weatherly used his soap opera roots to put her at ease in “NCIS” love scene – yahoo.com

    Cote de Pablo Reveals How Michael Weatherly’s Soap Opera Background Made Their “NCIS” Love Scene Easier

    City of Pelham announces entertainment district plans for former Oak Mountain Amphitheatre site – WVTM

    Pelham Unveils Exciting New Entertainment District Plans for Former Oak Mountain Amphitheatre Site

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Eagle Unveils Revolutionary X-Ray Technology at Pack Expo

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

    Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

    Micro wrestling coming to NE Ohio – Cleveland.com

    Get Ready, NE Ohio: Micro Wrestling Is Making Its Exciting Debut!

    League City seeking proposals for 53-acre entertainment district on sportsplex land – galvnews.com

    League City Invites Proposals to Transform 53-Acre Sportsplex into Vibrant Entertainment District

    Top 5 entertainment news: Sandeep Reddy Vanga regrets trimming Animal’s runtime by 7-8 minutes, Akshay Ku – Times of India

    Top 5 Entertainment Highlights: Sandeep Reddy Vanga Reveals Why He Trimmed Animal’s Runtime by 7-8 Minutes, Plus Akshay Ku Updates

    Cote de Pablo reveals how Michael Weatherly used his soap opera roots to put her at ease in “NCIS” love scene – yahoo.com

    Cote de Pablo Reveals How Michael Weatherly’s Soap Opera Background Made Their “NCIS” Love Scene Easier

    City of Pelham announces entertainment district plans for former Oak Mountain Amphitheatre site – WVTM

    Pelham Unveils Exciting New Entertainment District Plans for Former Oak Mountain Amphitheatre Site

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    More than just a hockey player – Rochester Institute of Technology Athletics

    Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    Smart Logistics in Warehousing – From Legacy Protocols to Green IoT – How Technology Is Reshaping the Sustainable Supply Chain – Logistics Viewpoints –

    AI’s race in the dark with China – Axios

    The High-Stakes AI Race: Innovation and Competition in the Shadows

    Eagle Unveils Revolutionary X-Ray Technology at Pack Expo

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    Validea’s Top Information Technology Stocks Based On Peter Lynch – 7/25/2025 – Nasdaq

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    WhoFi: New surveillance technology can track people by how they disrupt Wi-Fi signals – Tech Xplore

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Android 15 may make it harder for sideloaded apps to get sensitive permissions

April 24, 2024
in Technology
Android 15 may make it harder for sideloaded apps to get sensitive permissions
Share on FacebookShare on Twitter

Android 15 logo on smartphone on counter stock photo (9)

Edgar Cervantes / Android Authority

TL;DR

Android 15 could introduce a new Enhanced Confirmation Mode that makes it harder for malicious apps to exploit an OS loophole.
Android blocks users from easily enabling the Accessibility or Notification Listener services of apps that are sideloaded from outside an app store.
However, the method that Android uses for this has a loophole in it that Android 15 will close.

Although most Android users download apps from preloaded app stores like Google Play, some users get their apps from alternative online sources, a practice called sideloading. This is possible because Android lets users install third-party apps without the Google Play Store so long as they get their hands on the necessary app installation files. The ability to freely sideload apps is a big part of what makes Android a more open platform than iOS. Unfortunately, it’s also the reason why people erroneously believe that Android is less secure than iOS.

That’s because regardless of where you source apps from, Android’s built-in privacy and security features ensure they can’t access sensitive permissions without your consent. However, it’s true that sideloading apps from alternative online sources carries a bit more risk for the average user when compared to sticking with Google Play. This is because it’s simply easier for malicious developers to distribute apps outside of Google Play since they don’t need to deal with the regulations, bureaucracy, and scrutiny that Google Play app distribution entails.

Malicious Android apps, no matter where they’re sourced from, commonly try to trick users into granting them access to the Accessibility and Notification Listener APIs because of their power. The Accessibility API lets apps read the content of the screen and also perform inputs on behalf of the user, while the Notification Listener API lets apps read or take action on any notification. These APIs can be used to commit ad fraud, steal one-time passwords (OTPs), install additional payloads, and do much, much more.

While Google Play has some (mostly bureaucratic) measures to ensure these APIs are used for their intended purposes, Android itself relies mostly on the app’s own declarations to decide how much access to grant. For example, starting in Android 13, the operating system prevents users from easily enabling the Accessibility or Notification Listener services of apps that were sideloaded from outside of an app store. If you were to, say, sideload an app sent to you via email, then Android would block you from enabling that app’s Accessibility or Notification Listener service as they’re marked as “restricted settings.”

Android Restricted Settings dialog

Mishaal Rahman / Android Authority

How does the OS know when apps are sideloaded from outside of an app store? It determines this based on whether or not the app that did the installation used Android’s session-based installation APIs (which are commonly but not exclusively used by app stores) versus Android’s non-session-based installation APIs (which are commonly used by file managers, web browsers, and other apps with generic file downloading support). The problem with this approach is that any app can utilize Android’s session-based installation APIs to sideload another app, meaning there’s no guarantee that a legitimate, third-party app store is actually the one that’s doing the sideloading. Malicious app developers have sadly recognized this loophole in Android’s Restricted Settings feature and have already been exploiting it to bypass this security feature.

Fortunately, Google is working on closing this obvious loophole in Android’s Restricted Settings feature. In Android 15, the company is preparing to introduce a new “Enhanced Confirmation Mode” feature that’s basically a tighter, more souped-up version of Restricted Settings. Although the Enhanced Confirmation Mode feature isn’t yet enabled in the latest Android 15 Beta 1.1 update, I analyzed the code and explained how it’ll work in some detail.

For starters, the wording in the Enhanced Confirmation Mode dialog closely matches the existing Restricted Settings dialog. Just like with Restricted Settings, the ECM dialog will say, “for your security, this setting is currently unavailable” when you try to enable an app’s Accessibility or Notification Listener service. However, the dialog will expand on the reasoning a bit by adding that “this app has requested the %1$s permission, which is a restricted setting because it can put your security & privacy at risk. Restriction to this permission may prevent this app from working.” Other than that, the rest of the dialog is the same, down to the title and the two buttons.

One crucial difference between Android 15’s new Enhanced Confirmation Mode and Android 13’s Restricted Settings feature is how they’re enforced. Instead of differentiating based on what installation APIs were used, Enhanced Confirmation Mode in Android 15 checks an allowlist that’s preloaded in the factory image. This allowlist is an XML file located in the /system/etc/sysconfig path of Android 15, and it determines which packages and installers are exempt from any restrictions.

Enhanced Confirmation Mode XML

Mishaal Rahman / Android Authority

Any packages that are explicitly allowlisted in the XML file are considered “trusted packages” and are exempt from ECM restrictions. Similarly, any installers that are listed in the XML file are considered “trusted installers,” which means the apps they then install are eligible to be exempt from ECM restrictions. An app installed by a “trusted installer” is exempt from ECM restrictions if it’s marked as coming from a “trustworthy” package source (i.e., it’s not marked as PACKAGE_SOURCE_DOWNLOADED_FILE or PACKAGE_SOURCE_LOCAL_FILE).

This means that users will be forced to see the Enhanced Confirmation Mode dialog if they try to enable an app’s Accessibility or Notification Listener service, provided the app came from an untrusted installer or an untrusted source. This would effectively close the loophole that existed in Android 13’s Restricted Settings feature, making it harder for malicious third-party apps to gain highly privileged permissions.

Unfortunately, I’m not sure whether it’ll be possible to still enable a legitimate, sideloaded app’s Accessibility or Notification Listener service if it’s hit with ECM restrictions. It’s possible to disable Restricted Settings for an app, so it should also be possible with ECM restrictions, but I can’t say for sure since I haven’t been able to get the feature to work yet in Android 15.

Android allow restricted setting

Mishaal Rahman / Android Authority

It’s also worth noting that currently, zero packages and installers are allowlisted by the system as of Android 15 Beta 1.1. If ECM were enabled, this would mean that all apps would be exempt from ECM restrictions, except those marked as coming from an untrustworthy source. Since ECM isn’t enabled and there aren’t any allowlisted installers or packages, though, I don’t have any information on how Google plans to use this feature. Will Google require the Play Store to be listed as a trusted installer on all Android devices? Which, if any, third-party app stores will Google and OEMs allowlist? These are questions I don’t know the answer to, but regardless, I’m glad to see Google take action to improve security in Android and am looking forward to finding out more details about Enhanced Confirmation Mode in Android 15.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info, it’s your choice.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Hacker News – https://www.androidauthority.com/android-15-enhanced-confirmation-mode-3436697/

Tags: Androidhardertechnology
Previous Post

Piet

Next Post

SB Nation NFL mock draft 2024: All of the first-round picks in one place

More than just a hockey player – Rochester Institute of Technology Athletics

Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

July 29, 2025
Sports Illustrated’s College Football Preseason Top 25: No. 20 Missouri – Sports Illustrated

Missouri Climbs to No. 20 in Thrilling College Football Preseason Top 25

July 29, 2025
Time to stop Dhaka from rolling to ecological disaster – New Age BD

Urgent Action Needed to Prevent Dhaka’s Ecological Disaster

July 29, 2025
Guest column | I’m a cardiologist. Here are 10 science-based ways to prevent heart disease. – The Washington Post

I’m a Cardiologist: 10 Science-Backed Tips to Prevent Heart Disease

July 29, 2025
Author talk with science, environmental journalist, ‘Strata: Stories from Deep Time’ – PenBay Pilot

Author Talk with Science and Environmental Journalist Behind ‘Strata: Stories from Deep Time

July 29, 2025
Alzheimer’s progression could be slowed by these changes to lifestyle – The Independent

Simple Lifestyle Changes That Could Slow Alzheimer’s Progression

July 29, 2025
Divya Deshmukh becomes third Women’s World Cup Champion, defeats Humpy Koneru in tiebreak – FIDE

Divya Deshmukh becomes third Women’s World Cup Champion, defeats Humpy Koneru in tiebreak – FIDE

July 29, 2025
It’s a gig economy for CEOs these days, too – Axios

It’s a gig economy for CEOs these days, too – Axios

July 29, 2025
Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, Boyd – CDC Gaming

Top Wall Street Bets: Caesars, Golden Entertainment, Churchill Downs, GLPI, and Boyd Take Center Stage

July 29, 2025
US judge blocks Trump’s effort to defund reproductive health organisation – Al Jazeera

US judge blocks Trump’s effort to defund reproductive health organisation – Al Jazeera

July 29, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (744)
  • Economy (768)
  • Entertainment (21,648)
  • General (16,168)
  • Health (9,805)
  • Lifestyle (776)
  • News (22,149)
  • People (770)
  • Politics (777)
  • Science (15,981)
  • Sports (21,266)
  • Technology (15,749)
  • World (751)

Recent News

More than just a hockey player – Rochester Institute of Technology Athletics

Beyond the Ice: The Inspiring Journey of a Remarkable Athlete from Rochester Institute of Technology

July 29, 2025
Sports Illustrated’s College Football Preseason Top 25: No. 20 Missouri – Sports Illustrated

Missouri Climbs to No. 20 in Thrilling College Football Preseason Top 25

July 29, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version