
Google Android 15: Restricts sideloaded apps from obtaining sensitive permissions


Technology outlet Android Authority recently dug into the latest Android 15 Beta 1.1 update and found an “Enhanced Confirmation Mode” in the code, which further restricts sideloaded applications from obtaining sensitive permissions.

The “Enhanced Confirmation Mode” (ECM) dialog box is similar to the existing “Restricted Settings” dialog. If a sideloaded application wants to enable accessibility features or the notification listener service, the ECM dialog box will say: “For your security, this setting is currently unavailable”.

Note: The key difference between the “Enhanced Confirmation Mode” in Android 15 and the “Restricted Settings” introduced in Android 13 is how the restriction is enforced.

The “Enhanced Confirmation Mode” in Android 15 does not decide based on which installation API was used; instead, it checks a whitelist preloaded in the factory image.

This whitelist is an XML file located in the /system/etc/sysconfig path in Android 15 that determines which packages and installers are exempt from any restrictions, while apps not on this whitelist are blocked from running by default.

Any package explicitly allowed in the XML file is considered a “trusted package” and is not subject to ECM restrictions. Likewise, any installer listed in the XML file is considered a “trusted installer,” meaning that applications they subsequently install are eligible to be exempt from ECM restrictions.

Applications installed by a “trusted installer” are not subject to ECM restrictions if they are marked as coming from a “trusted” package source (that is, not marked as PACKAGE_SOURCE_DOWNLOADED_FILE or PACKAGE_SOURCE_LOCAL_FILE).

Users who attempt to enable accessibility or notification listener services for an application will be forced to see the Enhanced Confirmation Mode dialog box if the application comes from an untrusted installer or an untrusted source.
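The decision rules described in the preceding paragraphs can be modelled as a small audit script. This is an added example, not code from Android or from the original article; the XML element and attribute names, the record layout and every package name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed allowlist. Element/attribute names are assumed for illustration;
# the article does not show the real schema of the sysconfig file.
SAMPLE_ALLOWLIST = """<config>
  <enhanced-confirmation-trusted-package package="com.example.oem.assistant"/>
  <enhanced-confirmation-trusted-installer package="com.example.store"/>
  <enhanced-confirmation-trusted-installer/>
</config>"""

# The two package sources the article names as untrusted.
UNTRUSTED_SOURCES = {"PACKAGE_SOURCE_DOWNLOADED_FILE", "PACKAGE_SOURCE_LOCAL_FILE"}

def load_allowlist(xml_text):
    """Return (trusted_packages, trusted_installers) parsed from the XML."""
    root = ET.fromstring(xml_text)
    def names(tag):
        # Skip entries with no package name so that an app whose installer is
        # unknown (None) can never match a malformed allowlist entry.
        return {e.get("package") for e in root.iter(tag) if e.get("package")}
    return (names("enhanced-confirmation-trusted-package"),
            names("enhanced-confirmation-trusted-installer"))

def ecm_decision(app, trusted_pkgs, trusted_installers):
    """Return (restricted, reason) for one app record."""
    if app["package"] in trusted_pkgs:
        return False, "trusted package"
    if app.get("installer") not in trusted_installers:
        return True, "untrusted installer"
    if app.get("source") in UNTRUSTED_SOURCES:
        return True, "untrusted package source"
    return False, "trusted installer and source"

def audit(apps, xml_text=SAMPLE_ALLOWLIST):
    pkgs, installers = load_allowlist(xml_text)
    return {a["package"]: ecm_decision(a, pkgs, installers) for a in apps}

# Constructed inventory: package, installing package, declared package source.
SAMPLE_APPS = [
    {"package": "com.example.oem.assistant", "installer": None, "source": None},
    {"package": "com.example.game", "installer": "com.example.store",
     "source": "PACKAGE_SOURCE_STORE"},
    {"package": "com.example.reader", "installer": "com.example.store",
     "source": "PACKAGE_SOURCE_DOWNLOADED_FILE"},
    {"package": "com.example.tool", "installer": None,
     "source": "PACKAGE_SOURCE_LOCAL_FILE"},
]

if __name__ == "__main__":
    for pkg, (restricted, reason) in audit(SAMPLE_APPS).items():
        print(f"{pkg}: {'ECM dialog' if restricted else 'exempt'} ({reason})")
```

The third sample app shows the case the article singles out: a trusted installer does not exempt an app that it marks as coming from a downloaded file.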

This approach effectively closes a vulnerability in Android 13’s “Restricted Settings” feature, making it more difficult for malicious third-party applications to gain high-privilege permissions.
