Hacker News new | ask | show | jobs
by gruez 668 days ago
It's a preloaded app with possibly privileged permissions (ie. permissions that apps you install normally can't get), so it's possibly worse than what you can normally achieve via physical access. I checked the iVerify report[1], and it doesn't look like such permissions exist, but I'd appreciate more elaboration about the actual vulnerability from grapheneos's debunking post, rather than spending half the article ranting about how various entities are bad.

[1] https://40052983.fs1.hubspotusercontent-na1.net/hubfs/400529...
1 comments
hiatus 668 days ago
Even if it has more permissions than a normal app, if you have the password and unrestricted local access to the phone you can already put it in debugging mode and connect to it via adb.
link
gruez 668 days ago
Permissions with protectionLevel of "signature|privileged" can't be granted with adb, so having such an app installed would give you more access than you can get via adb.

https://developer.android.com/reference/android/R.attr#prote...

link
hiatus 668 days ago
Thank you, I did not know that.
link