1.2+ million downloads and a rating of 4.2 – a good indicator for a safe app in Google's #PlayStore? One should think so – until one takes a look at its #permissions (46, including access to quite personal data) and the number of KNOWN #trackers #ExodusPrivacy reports (28!!).
Just wow. Had to add that one to my app lists, as a warning example.
For all of the people freaking out about the #permissions that the new #Threads app is asking for, let me just say that #Android #PlayStore does a much better job of describing these things than #Apple #iOS #AppStore. I will include a screenshot of the financial section of the app. Please note that most other sections also tell you that the majority of these things are optional. #meta #security
When using #clamscan, don't be tempted to change various file #permissions under #root when you notice #clamav can't scan everything. Rather than risk impacting the #security of those files, scan more relevant directories, which are more likely to be targeted, e.g. for a #server hosting a small site: /var/www, /var/log, /home, /bin etc. This also reduces resource usage. 👍 #gnu #linux #cli
Note that Android at least does things a bit better than Flatpak: nowadays on modern Android every application needs to explicitly ask for user access to microphone, camera, files, and more before it can do stuff. Flatpak can implement such restrictions but provides absolutely no UI to do that, making it completely useless.
When you install flatpaks from the command line, there is no warning about what permissions will be used by that flatpak, and whether or not this is proprietary software. Again, much worse than what we are used to with regular packages.
I created a board game alternative for evil people (lemmy.today)
Guys, I have something to brag about. After almost a year of hard learning, I finally created my first mobile game! Storiado is a board game alternative that will make you wonder what’s wrong with your friends. Play by answering simple questions, mix all the answers, and generate the most twisted story you’ve ever read. And...
Discovering vulnerabilities in Android permissions using a solver approach (blog.thalium.re)
"This post dives into the Android permission system and how a solver was leveraged to find new vulnerabilities. With this approach, a privilege escalation was identified, which was fixed and assigned CVE-2023-20947 by Google."