Question about possible data leaks when giving special permissions to an app

Hello,
like many users of GrapheneOS, my main source of applications is F-Droid.

Today I was installing the app "BBS" from their repos. After giving all needed permissions via adb:
android.permission.DUMP
android.permission.BATTERY_STATS
android.permission.PACKAGE_USAGE_STATS

and giving the phone permission, it was working fine.

After digging a little deeper and reading a bit on the related XDA Thread, I started to notice that the developer isn't the maintainer of the F-Droid version.

I was concerned about security and uninstalled the app.
So I would like to ask, is there a chance of a data leak although the Network permission was not given at any time?

Thanks in advance!

    ParanoidAndroid

    It should be fine. Those 3 permissions only permit BBS to see log and stats info from the phone.

    Thanks for your quick reply!

    Assuming this package is some kind of malware, would it be possible for the application to install some other malware?

    I am not a security expert but I would like to understand how to limit the attack surface in the future. I am also interested in how things work and how classical malware executes its attacks on Android.

      ParanoidAndroid Assuming this package is some kind of malware, would it be possible for the application to install some other malware?

      You'd need to allow it to install apps by toggling on the "install from unknown sources" toggle for it.
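
A way to check the two conditions the replies turn on (network access and the ability to install other apps) for a package, as an added example that is not part of the thread. The package name `com.example.bbs` and the sample text are constructed, and the section layout of `adb shell dumpsys package <package>` output is assumed to match the sample.

```shell
#!/bin/sh
# Added example. Constructed text shaped like `dumpsys package` output for a
# hypothetical package com.example.bbs; not captured from a real device.
sample_dumpsys() {
cat <<'EOF'
  Package [com.example.bbs] (constructed):
    requested permissions:
      android.permission.DUMP
      android.permission.BATTERY_STATS
      android.permission.PACKAGE_USAGE_STATS
      android.permission.INTERNET
    install permissions:
      android.permission.DUMP: granted=true
      android.permission.BATTERY_STATS: granted=true
      android.permission.PACKAGE_USAGE_STATS: granted=true
    runtime permissions:
      android.permission.INTERNET: granted=false
EOF
}

# Permissions the manifest declares (the "requested permissions:" section).
requested_perms() {
    awk '/^[ \t]*requested permissions:/ { in_req = 1; next }
         in_req && /:[ \t]*$/            { in_req = 0 }
         in_req && NF >= 1               { sub(/:$/, "", $1); print $1 }'
}

# Permissions currently listed with granted=true.
granted_perms() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.]*\): granted=true.*$/\1/p' | sort -u
}

# Report the state of one permission ($1) from dumpsys text held in $2.
perm_state() {
    if printf '%s\n' "$2" | granted_perms | grep -qxF "$1"; then
        echo "$1: granted"
    elif printf '%s\n' "$2" | requested_perms | grep -qxF "$1"; then
        echo "$1: requested, not granted"
    else
        echo "$1: not requested"
    fi
}

# Check the two permissions the replies above turn on.
audit() {
    dump=$(cat)
    perm_state android.permission.INTERNET "$dump"
    perm_state android.permission.REQUEST_INSTALL_PACKAGES "$dump"
}

sample_dumpsys | audit
```

On a device, pipe `adb shell dumpsys package <package>` into `audit` instead of the sample. The script reports whether `REQUEST_INSTALL_PACKAGES` is requested because the install-unknown-apps toggle is only offered to apps that declare it.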