* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Saturday, September 27, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

    Harvest Fest 2025 – yadkinripple.com

    Celebrate the Bounty: Harvest Fest 2025 is Coming!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    TOMI Environmental Solutions, Inc. Expands SteraMist iHP Technology Services in Healthcare Sector with New Provider Partnership – Quiver Quantitative

    TOMI Environmental Solutions Accelerates SteraMist iHP Technology Expansion in Healthcare with New Provider Partnership

    Indiana County Technology Center’s Joint Operating Committee looks to the future as program plans began to take shape – Indiana Gazette Online

    Indiana County Technology Center’s Joint Operating Committee Charts an Exciting Path Forward as New Program Plans Take Shape

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

    Sate your hunger at DBA’s Taste of Downtown – Bakersfield.com

    Indulge Your Cravings at DBA’s Taste of Downtown!

    Caesars Entertainment (CZR): Assessing Valuation After Times Square Casino Setback and Mounting Investor Concerns – simplywall.st

    Caesars Entertainment Faces Times Square Casino Hurdles as Investor Concerns Mount

    Why Hilaria Baldwin Has Found the ‘DWTS’ Process ‘Embarrassing’ At Times – WFXG

    Hilaria Baldwin Opens Up About the Embarrassing Moments on Her ‘DWTS’ Journey

    Harvest Fest 2025 – yadkinripple.com

    Celebrate the Bounty: Harvest Fest 2025 is Coming!

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    Amazon to Pay $2.5 Billion in Prime Membership Settlement – The New York Times

    What are we really gaining from technology? – Fast Company

    What Are We Really Gaining from Technology?

    TOMI Environmental Solutions, Inc. Expands SteraMist iHP Technology Services in Healthcare Sector with New Provider Partnership – Quiver Quantitative

    TOMI Environmental Solutions Accelerates SteraMist iHP Technology Expansion in Healthcare with New Provider Partnership

    Indiana County Technology Center’s Joint Operating Committee looks to the future as program plans began to take shape – Indiana Gazette Online

    Indiana County Technology Center’s Joint Operating Committee Charts an Exciting Path Forward as New Program Plans Take Shape

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Android 15 may make it harder for sideloaded apps to get sensitive permissions

April 24, 2024
in Technology
Android 15 may make it harder for sideloaded apps to get sensitive permissions
Share on FacebookShare on Twitter

Android 15 logo on smartphone on counter stock photo (9)

Edgar Cervantes / Android Authority

TL;DR

Android 15 could introduce a new Enhanced Confirmation Mode that makes it harder for malicious apps to exploit an OS loophole.
Android blocks users from easily enabling the Accessibility or Notification Listener services of apps that are sideloaded from outside an app store.
However, the method that Android uses for this has a loophole in it that Android 15 will close.

Although most Android users download apps from preloaded app stores like Google Play, some users get their apps from alternative online sources, a practice called sideloading. This is possible because Android lets users install third-party apps without the Google Play Store so long as they get their hands on the necessary app installation files. The ability to freely sideload apps is a big part of what makes Android a more open platform than iOS. Unfortunately, it’s also the reason why people erroneously believe that Android is less secure than iOS.

That’s because regardless of where you source apps from, Android’s built-in privacy and security features ensure they can’t access sensitive permissions without your consent. However, it’s true that sideloading apps from alternative online sources carries a bit more risk for the average user when compared to sticking with Google Play. This is because it’s simply easier for malicious developers to distribute apps outside of Google Play since they don’t need to deal with the regulations, bureaucracy, and scrutiny that Google Play app distribution entails.

Malicious Android apps, no matter where they’re sourced from, commonly try to trick users into granting them access to the Accessibility and Notification Listener APIs because of their power. The Accessibility API lets apps read the content of the screen and also perform inputs on behalf of the user, while the Notification Listener API lets apps read or take action on any notification. These APIs can be used to commit ad fraud, steal one-time passwords (OTPs), install additional payloads, and do much, much more.

While Google Play has some (mostly bureaucratic) measures to ensure these APIs are used for their intended purposes, Android itself relies mostly on the app’s own declarations to decide how much access to grant. For example, starting in Android 13, the operating system prevents users from easily enabling the Accessibility or Notification Listener services of apps that were sideloaded from outside of an app store. If you were to, say, sideload an app sent to you via email, then Android would block you from enabling that app’s Accessibility or Notification Listener service as they’re marked as “restricted settings.”

Android Restricted Settings dialog

Mishaal Rahman / Android Authority

How does the OS know when apps are sideloaded from outside of an app store? It determines this based on whether or not the app that did the installation used Android’s session-based installation APIs (which are commonly but not exclusively used by app stores) versus Android’s non-session-based installation APIs (which are commonly used by file managers, web browsers, and other apps with generic file downloading support). The problem with this approach is that any app can utilize Android’s session-based installation APIs to sideload another app, meaning there’s no guarantee that a legitimate, third-party app store is actually the one that’s doing the sideloading. Malicious app developers have sadly recognized this loophole in Android’s Restricted Settings feature and have already been exploiting it to bypass this security feature.

Fortunately, Google is working on closing this obvious loophole in Android’s Restricted Settings feature. In Android 15, the company is preparing to introduce a new “Enhanced Confirmation Mode” feature that’s basically a tighter, more souped-up version of Restricted Settings. Although the Enhanced Confirmation Mode feature isn’t yet enabled in the latest Android 15 Beta 1.1 update, I analyzed the code and explained how it’ll work in some detail.

For starters, the wording in the Enhanced Confirmation Mode dialog closely matches the existing Restricted Settings dialog. Just like with Restricted Settings, the ECM dialog will say, “for your security, this setting is currently unavailable” when you try to enable an app’s Accessibility or Notification Listener service. However, the dialog will expand on the reasoning a bit by adding that “this app has requested the %1$s permission, which is a restricted setting because it can put your security & privacy at risk. Restriction to this permission may prevent this app from working.” Other than that, the rest of the dialog is the same, down to the title and the two buttons.

One crucial difference between Android 15’s new Enhanced Confirmation Mode and Android 13’s Restricted Settings feature is how they’re enforced. Instead of differentiating based on what installation APIs were used, Enhanced Confirmation Mode in Android 15 checks an allowlist that’s preloaded in the factory image. This allowlist is an XML file located in the /system/etc/sysconfig path of Android 15, and it determines which packages and installers are exempt from any restrictions.

Enhanced Confirmation Mode XML

Mishaal Rahman / Android Authority

Any packages that are explicitly allowlisted in the XML file are considered “trusted packages” and are exempt from ECM restrictions. Similarly, any installers that are listed in the XML file are considered “trusted installers,” which means the apps they then install are eligible to be exempt from ECM restrictions. An app installed by a “trusted installer” is exempt from ECM restrictions if it’s marked as coming from a “trustworthy” package source (i.e., it’s not marked as PACKAGE_SOURCE_DOWNLOADED_FILE or PACKAGE_SOURCE_LOCAL_FILE).

This means that users will be forced to see the Enhanced Confirmation Mode dialog if they try to enable an app’s Accessibility or Notification Listener service, provided the app came from an untrusted installer or an untrusted source. This would effectively close the loophole that existed in Android 13’s Restricted Settings feature, making it harder for malicious third-party apps to gain highly privileged permissions.

Unfortunately, I’m not sure whether it’ll be possible to still enable a legitimate, sideloaded app’s Accessibility or Notification Listener service if it’s hit with ECM restrictions. It’s possible to disable Restricted Settings for an app, so it should also be possible with ECM restrictions, but I can’t say for sure since I haven’t been able to get the feature to work yet in Android 15.

Android allow restricted setting

Mishaal Rahman / Android Authority

It’s also worth noting that currently, zero packages and installers are allowlisted by the system as of Android 15 Beta 1.1. If ECM were enabled, this would mean that all apps would be exempt from ECM restrictions, except those marked as coming from an untrustworthy source. Since ECM isn’t enabled and there aren’t any allowlisted installers or packages, though, I don’t have any information on how Google plans to use this feature. Will Google require the Play Store to be listed as a trusted installer on all Android devices? Which, if any, third-party app stores will Google and OEMs allowlist? These are questions I don’t know the answer to, but regardless, I’m glad to see Google take action to improve security in Android and am looking forward to finding out more details about Enhanced Confirmation Mode in Android 15.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it’s your choice.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Hacker News – https://www.androidauthority.com/android-15-enhanced-confirmation-mode-3436697/

Tags: Androidhardertechnology
Previous Post

Piet

Next Post

SB Nation NFL mock draft 2024: All of the first-round picks in one place

City Parks Initiative Launches Ecological Tracker for Bond Projects – Citizen Portal AI

Revolutionary Ecological Tracker Unveiled to Transform Monitoring of City Parks Bond Projects

September 27, 2025
Award-winning science writer leads student discussions at Eckerd – theonlinecurrent.com

Award-Winning Science Writer Inspires Student Discussions at Eckerd College

September 27, 2025
Human Head Transplants: Where the Science Stands, and Why the Ethics Are So Complicated – Discover Magazine

Human Head Transplants: The Science Behind the Procedure and the Complex Ethical Debate

September 27, 2025
New lifestyle brand TENŌRE set to open flagship store in Waikīkī – KITV

New lifestyle brand TENŌRE set to open flagship store in Waikīkī – KITV

September 27, 2025
Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

September 27, 2025
Hawaii women’s volleyball team prepares to get creative for Big West play – Spectrum News NY1

Hawaii women’s volleyball team prepares to get creative for Big West play – Spectrum News NY1

September 27, 2025
Hypertension – World Health Organization (WHO)

Hypertension – World Health Organization (WHO)

September 26, 2025
In Kansas City, Secretary Rollins Speaks on State of Farm Economy, Announces Suite of Actions to Support American Farmers – USDA (.gov)

Secretary Rollins Launches Bold New Initiatives to Boost Kansas City’s Farm Economy and Empower American Farmers

September 26, 2025
Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

September 26, 2025
Vandalia Health Mon Stonewall Jackson Memorial Hospital to host blood drive Sept. 29 – Mon Health

Vandalia Health Mon Stonewall Jackson Memorial Hospital to Host Life-Saving Blood Drive on September 29

September 26, 2025

Categories

Archives

September 2025
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  
« Aug    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (839)
  • Economy (859)
  • Entertainment (21,734)
  • General (17,265)
  • Health (9,902)
  • Lifestyle (872)
  • News (22,149)
  • People (861)
  • Politics (869)
  • Science (16,069)
  • Sports (21,359)
  • Technology (15,842)
  • World (842)

Recent News

City Parks Initiative Launches Ecological Tracker for Bond Projects – Citizen Portal AI

Revolutionary Ecological Tracker Unveiled to Transform Monitoring of City Parks Bond Projects

September 27, 2025
Award-winning science writer leads student discussions at Eckerd – theonlinecurrent.com

Award-Winning Science Writer Inspires Student Discussions at Eckerd College

September 27, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version