* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, October 22, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

    AMC Launches First New Dolby Experience in Gwinnett Since 2017

    Hetzel Design: blending architecture and entertainment – Blooloop

    Hetzel Design: Where Architecture and Entertainment Unite in Perfect Harmony

    Country music legend rushed to hospital year after heart surgery. Here’s what we know – PennLive.com

    Country Music Legend Rushed to Hospital One Year After Heart Surgery – What’s Happening Now?

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Strictly Come Dancing results: Chris Robshaw is eliminated while drag queen La Voix escapes dance-off – Yahoo

    Placer County town of Loomis considers entertainment zone for downtown – CBS News

    Loomis Unveils Thrilling New Entertainment Zone to Revitalize Downtown

    CT Culture Corner: Robert Redford films to watch – CT Insider

    CT Culture Corner: Robert Redford films to watch – CT Insider

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 E Network Technology Group Limited Closes $1.5 Million Convertible Promissory Note Offering – Quiver Quantitative

    3 Technology Stocks to Buy Now – Yahoo Finance

    3 Must-Buy Tech Stocks You Can’t Afford to Miss Right Now

    ‘New frontier’: Austin leaders start discussions on air taxi technology – KXAN Austin

    Austin Leaders Ignite Exciting Conversations on the Future of Air Taxi Technology

    How a Gemma model helped discover a new potential cancer therapy pathway – blog.google

    How a Gemma Model Revealed a Breakthrough Pathway for Cancer Treatment

    Italian Technology in Manufacturing: Supporting North American Industries and Keeping Production Local – Thomasnet

    How Italian Technology is Revolutionizing North American Manufacturing and Boosting Local Production

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Android 15 may make it harder for sideloaded apps to get sensitive permissions

April 24, 2024
in Technology
Android 15 may make it harder for sideloaded apps to get sensitive permissions
Share on FacebookShare on Twitter

Android 15 logo on smartphone on counter stock photo (9)

Edgar Cervantes / Android Authority

TL;DR

Android 15 could introduce a new Enhanced Confirmation Mode that makes it harder for malicious apps to exploit an OS loophole.
Android blocks users from easily enabling the Accessibility or Notification Listener services of apps that are sideloaded from outside an app store.
However, the method that Android uses for this has a loophole in it that Android 15 will close.

Although most Android users download apps from preloaded app stores like Google Play, some users get their apps from alternative online sources, a practice called sideloading. This is possible because Android lets users install third-party apps without the Google Play Store so long as they get their hands on the necessary app installation files. The ability to freely sideload apps is a big part of what makes Android a more open platform than iOS. Unfortunately, it’s also the reason why people erroneously believe that Android is less secure than iOS.

That’s because regardless of where you source apps from, Android’s built-in privacy and security features ensure they can’t access sensitive permissions without your consent. However, it’s true that sideloading apps from alternative online sources carries a bit more risk for the average user when compared to sticking with Google Play. This is because it’s simply easier for malicious developers to distribute apps outside of Google Play since they don’t need to deal with the regulations, bureaucracy, and scrutiny that Google Play app distribution entails.

Malicious Android apps, no matter where they’re sourced from, commonly try to trick users into granting them access to the Accessibility and Notification Listener APIs because of their power. The Accessibility API lets apps read the content of the screen and also perform inputs on behalf of the user, while the Notification Listener API lets apps read or take action on any notification. These APIs can be used to commit ad fraud, steal one-time passwords (OTPs), install additional payloads, and do much, much more.

While Google Play has some (mostly bureaucratic) measures to ensure these APIs are used for their intended purposes, Android itself relies mostly on the app’s own declarations to decide how much access to grant. For example, starting in Android 13, the operating system prevents users from easily enabling the Accessibility or Notification Listener services of apps that were sideloaded from outside of an app store. If you were to, say, sideload an app sent to you via email, then Android would block you from enabling that app’s Accessibility or Notification Listener service as they’re marked as “restricted settings.”

Android Restricted Settings dialog

Mishaal Rahman / Android Authority

How does the OS know when apps are sideloaded from outside of an app store? It determines this based on whether or not the app that did the installation used Android’s session-based installation APIs (which are commonly but not exclusively used by app stores) versus Android’s non-session-based installation APIs (which are commonly used by file managers, web browsers, and other apps with generic file downloading support). The problem with this approach is that any app can utilize Android’s session-based installation APIs to sideload another app, meaning there’s no guarantee that a legitimate, third-party app store is actually the one that’s doing the sideloading. Malicious app developers have sadly recognized this loophole in Android’s Restricted Settings feature and have already been exploiting it to bypass this security feature.

Fortunately, Google is working on closing this obvious loophole in Android’s Restricted Settings feature. In Android 15, the company is preparing to introduce a new “Enhanced Confirmation Mode” feature that’s basically a tighter, more souped-up version of Restricted Settings. Although the Enhanced Confirmation Mode feature isn’t yet enabled in the latest Android 15 Beta 1.1 update, I analyzed the code and explained how it’ll work in some detail.

For starters, the wording in the Enhanced Confirmation Mode dialog closely matches the existing Restricted Settings dialog. Just like with Restricted Settings, the ECM dialog will say, “for your security, this setting is currently unavailable” when you try to enable an app’s Accessibility or Notification Listener service. However, the dialog will expand on the reasoning a bit by adding that “this app has requested the %1$s permission, which is a restricted setting because it can put your security & privacy at risk. Restriction to this permission may prevent this app from working.” Other than that, the rest of the dialog is the same, down to the title and the two buttons.

One crucial difference between Android 15’s new Enhanced Confirmation Mode and Android 13’s Restricted Settings feature is how they’re enforced. Instead of differentiating based on what installation APIs were used, Enhanced Confirmation Mode in Android 15 checks an allowlist that’s preloaded in the factory image. This allowlist is an XML file located in the /system/etc/sysconfig path of Android 15, and it determines which packages and installers are exempt from any restrictions.

Enhanced Confirmation Mode XML

Mishaal Rahman / Android Authority

Any packages that are explicitly allowlisted in the XML file are considered “trusted packages” and are exempt from ECM restrictions. Similarly, any installers that are listed in the XML file are considered “trusted installers,” which means the apps they then install are eligible to be exempt from ECM restrictions. An app installed by a “trusted installer” is exempt from ECM restrictions if it’s marked as coming from a “trustworthy” package source (i.e., it’s not marked as PACKAGE_SOURCE_DOWNLOADED_FILE or PACKAGE_SOURCE_LOCAL_FILE).

This means that users will be forced to see the Enhanced Confirmation Mode dialog if they try to enable an app’s Accessibility or Notification Listener service, provided the app came from an untrusted installer or an untrusted source. This would effectively close the loophole that existed in Android 13’s Restricted Settings feature, making it harder for malicious third-party apps to gain highly privileged permissions.

Unfortunately, I’m not sure whether it’ll be possible to still enable a legitimate, sideloaded app’s Accessibility or Notification Listener service if it’s hit with ECM restrictions. It’s possible to disable Restricted Settings for an app, so it should also be possible with ECM restrictions, but I can’t say for sure since I haven’t been able to get the feature to work yet in Android 15.

Android allow restricted setting

Mishaal Rahman / Android Authority

It’s also worth noting that currently, zero packages and installers are allowlisted by the system as of Android 15 Beta 1.1. If ECM were enabled, this would mean that all apps would be exempt from ECM restrictions, except those marked as coming from an untrustworthy source. Since ECM isn’t enabled and there aren’t any allowlisted installers or packages, though, I don’t have any information on how Google plans to use this feature. Will Google require the Play Store to be listed as a trusted installer on all Android devices? Which, if any, third-party app stores will Google and OEMs allowlist? These are questions I don’t know the answer to, but regardless, I’m glad to see Google take action to improve security in Android and am looking forward to finding out more details about Enhanced Confirmation Mode in Android 15.

Got a tip? Talk to us! Email our staff at [email protected]. You can stay anonymous or get credit for the info, it’s your choice.

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Hacker News – https://www.androidauthority.com/android-15-enhanced-confirmation-mode-3436697/

Tags: Androidhardertechnology
Previous Post

Piet

Next Post

SB Nation NFL mock draft 2024: All of the first-round picks in one place

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Makes History with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
AMC brings first new Dolby Experience to Gwinnett since 2017 – Wyoming News Now

AMC Launches First New Dolby Experience in Gwinnett Since 2017

October 22, 2025
UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

UCare, other carriers dropping Medicare Advantage Plans, leaving 200K Minnesota seniors without health insurance – CBS News

October 22, 2025
With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

With Israel-Hamas Cease-Fire, Some Pro-Palestinian Protesters Look Back at Their Movement, Ruefully – The New York Times

October 21, 2025
Fusobacterium nucleatum : ecology, pathogenesis and clinical implications – Nature

Unveiling Fusobacterium nucleatum: Exploring Its Ecology, Disease Connections, and Health Impact

October 21, 2025
Escherichia coli with a 57-codon genetic code – Science | AAAS

Escherichia coli Engineered with a Revolutionary 57-Codon Genetic Code

October 21, 2025
LOCALIZE IT: Over 420 anti-science bills target public health protections in statehouses across US – newspressnow.com

More Than 420 Anti-Science Bills Jeopardize Public Health Across the Nation

October 21, 2025
Halloween not your thing? Here’s when Christmas at the Newport mansions will start. – The Providence Journal

Not a Halloween Fan? Find Out When Christmas Magic Begins at the Newport Mansions!

October 21, 2025
Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

Office Technology: Dealers’ Managed IT Revenue up Nearly 30% – The Cannata Report –

October 21, 2025

Categories

Archives

October 2025
M T W T F S S
 12345
6789101112
13141516171819
20212223242526
2728293031  
« Sep    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (879)
  • Economy (901)
  • Entertainment (21,772)
  • General (17,729)
  • Health (9,942)
  • Lifestyle (913)
  • News (22,149)
  • People (901)
  • Politics (911)
  • Science (16,111)
  • Sports (21,400)
  • Technology (15,880)
  • World (884)

Recent News

Jacobson earns program’s first medal at U23 World Championships – nmuwildcats.com

Jacobson Makes History with Program’s First Medal at U23 World Championships

October 22, 2025
AHLA: Hotels generate $7B for Denver economy – Hotel Management

Hotels Drive Denver’s Economy to Soar by $7 Billion

October 22, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version