I own a Sony Z3 compact with Marshmallow 6.0.1 on it.
There is an pre-installed App called File Commander, which is an app to browse the contents of internal and sd card storage.
I have revoked all runtime permission from it in Android settings dialog.
Still, in this app I can explore all contents on my sd-card, delete files and view pictures.
Just to make sure that this App does not simply view this picture in another app put up front, I revoked storage permission from all apps (yes, also system apps). It would not make a difference.
How is that possible? It seems that Androids permission framework (on storage, at least) is easily exploitable.
There is an pre-installed App called File Commander, which is an app to browse the contents of internal and sd card storage.
I have revoked all runtime permission from it in Android settings dialog.
Still, in this app I can explore all contents on my sd-card, delete files and view pictures.
Just to make sure that this App does not simply view this picture in another app put up front, I revoked storage permission from all apps (yes, also system apps). It would not make a difference.
How is that possible? It seems that Androids permission framework (on storage, at least) is easily exploitable.
No comments:
Post a Comment