Do not really understand how Android sandboxing works for system apps.

  • @[email protected]
    link
    fedilink
    English
    9
    edit-2
    1 year ago

    In order to have google apps and google services on an android installation that doesn’t have them yet, you need to sideload them. LineageOS has a list of GApps zips and here’s an example of how to install them for a FairPhone running LineageOS.

    If you look into the zip /system/system_ext/etc/permissions/privapp-permissions-google-system-ext.xml, you can see all the permissions given to it a system application.

    android.permission.RECOVERY, android.permission.MANAGE_USERS, android.permission.INTERACT_ACROSS_USERS stand out the most. These permissions allow the phone to be started, arbitrary apps to be installed and users to be created with new permissions.

    Google Services doesn’t need to have access to camera or any other component as it can install whatever it likes that has access to those.

    Let’s not kid ourselves, if you have Google Services installed, you have a rootkit installed with a bunch of proprietary code.

    Here’s the entire file for reference and you can look up each permission individually to see what access will be given. lemmy doesn’t handle XML in triple backticks well (at all).

    • FarLine99OP
      link
      fedilink
      English
      31 year ago

      Thanks for the detailed response. Creating/interacting between new users is a serious opportunity for permission bypass. Content of the file won’t load for some reason, but still :)