android.permission.READ_EXTERNAL_STORAGE - Security Discussion

Ebay app requires that, also write. Is it the micro sd it wants to access?

Related

[Q] Can I copy my employee card to NS

Can I copy my employee card and storage in NS?
For more detail
MifareClassic Type A (ISO 14443)
exssrerion said:
Can I copy my employee card and storage in NS?
For more detail
MifareClassic Type A (ISO 14443)
Click to expand...
Click to collapse
Most likely. It's most likely not NDEF formatted, so the built in Tags app won't recognize it. There are some apps in the market that will read the raw data from each block of the Mifare cards and display them. If you are looking to just read it (and potentially save it) then that's possible. Right now you won't be able to emulate that card though for use instead of your employee card.
krohnjw said:
Most likely. It's most likely not NDEF formatted, so the built in Tags app won't recognize it. There are some apps in the market that will read the raw data from each block of the Mifare cards and display them. If you are looking to just read it (and potentially save it) then that's possible. Right now you won't be able to emulate that card though for use instead of your employee card.
Click to expand...
Click to collapse
I think my employee card have NDFE, I used many app to read this card.
But I can't read raw data in this card.

Objective of Kitkat SD Card Permissions

Regarding 4.4 Kitkat External SD Card access permision, anyone can explain to us what is the objective of having such rigid permissions ?
"....
Starting in Android 4.4, the owner, group and modes of files on external storage devices are now synthesized based on directory structure. This enables apps to manage their package-specific directories on external storage without requiring they hold the broad WRITE_EXTERNAL_STORAGE permission. For example, the app with package name com.example.foo can now freely access Android/data/com.example.foo/ on external storage devices with no permissions. These synthesized permissions are accomplished by wrapping raw storage devices in a FUSE daemon.
..."
Full source : http://source.android.com/devices/tech/storage/
On 4.3 and older, a malicious app can wipe the whole sdcard with standard permissions. New permissions prevent it.
aydc said:
On 4.3 and older, a malicious app can wipe the whole sdcard with standard permissions. New permissions prevent it.
Click to expand...
Click to collapse
So this is useful then not a considered 'bug'..
I guess there will be no benefits anymore to use 3rd party file manager if we dont root our phones. Niche market just collapsed.
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
pete4k said:
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
Click to expand...
Click to collapse
That's what I had in mind too but if you see from the source link above I think Google is anticipating MULTI USER environment where some "stuffs" from me could wrack havoc some of "your stuffs". That scenario actually will only happen on MULTI USER tablet / smartphone, but that surely not mainstream are they ?
pete4k said:
Sorry, but I have follow up questions:
I wonder how many malicious pieces of software like that are in a Google Play store to warrant breaking most third party applications that write to SD card? But I guess now, that apps can't write to SD card, there will be not much to protect there anyhow? And how will this all work in the future, once apps get their permissions fixed? I won't be allowed to access my card or format it at will? or will I be able to grant those permissions, but then how would I know the software is malicious any more than I know now? Am I too stupid to grasp the logic of all this?
Click to expand...
Click to collapse
As stated on source.android.com:
Starting in Android 4.4, the owner, group and modes of files on external storage devices are now synthesized based on directory structure. This enables apps to manage their package-specific directories on external storage without requiring they hold the broad WRITE_EXTERNAL_STORAGE permission. For example, the app with package name com.example.foo can now freely access Android/data/com.example.foo/ on external storage devices with no permissions. These synthesized permissions are accomplished by wrapping raw storage devices in a FUSE daemon.

[HOW-TO] Write Data to Your External SD Card in KitKat Without Root (Many Apps)

I saw a question here in XDA where a person was asking how his torrent app could save downloads to the external SD card without root, in KitKat. This can actually be done, with many apps.
Surprisingly, there were no answers, except to tell him to root. That is not always the case! I've been saving and writing data to my external SD card since I got my KitKat device and, I am not rooted. I didn't know this was not a well known technique, or I would have posted this information a long time ago. I just did an internet search (to see if it was well known or not) and it came up empty! But, if this method is common knowledge and I just missed it (wrong search criteria, for example), I apologize!
With KitKat, you do not have to be rooted for many apps to be able to write to an external SD card, if you follow Google's guidelines!
Let me explain via an example:
One main requirement is that the app in question can actually see and use the external SD card - some cannot. Also, please be aware, depending upon your device manufacturer, the path examples given in this explanation may vary.
For the example, I am going to use a made-up app called MyTorrent. Let's say MyTorrent has a home-directory of '/storage/emulated/0/Android/data/com.company.mytorrent/files' where it stores its downloads, but you want it to save the downloads to the external SD card instead of internal memory. With many apps, this is easily and completely doable!
To have MyTorrent use the external SD card to save its downloads, you need to first make sure a home-directory was created for MyTorrent on the external SD card. There should be an Android directory on the external SD card, just like there is in internal memory. An app's external home-directory path will look a lot like its internal home-directory path, something like: '/storage/extSdCard/Android/data/com.company.mytorrent/files'. If the app you are setting up does not have a home-directory on the external SD card, just create one manually (use the internal home-directory path as a template).
Finally, just point MyTorrent's download location to its external SD card home-directory! As long as you can select the external home-directory path as the app's download destination, it should work. If this technique doe not work, it is usually because of how the app is written or, you got the external SD card home-directory wrong. Google set KitKat up so that any app has write permission to its own external SD card home-directory.
This is not a perfect answer and does not open up the external SD card for KitKat's use carte blanche, but it will help free up a lot of wasted, limited internal memory.
This method also works for file managers. Unfortunately, only their external home-directory will be available to them, but it is a good place for manual copy-type backups and zips.
Gonna check it out with my torrent. I saw this thing in Snap Camera app, when I wanted to save videos in SD card, but it saved in its directory, not anywhere else.(but I didn't understood that it can only save in its dir)
DarkLTU said:
Gonna check it out with my torrent. I saw this thing in Snap Camera app, when I wanted to save videos in SD card, but it saved in its directory, not anywhere else.(but I didn't understood that it can only save in its dir)
Click to expand...
Click to collapse
I use Flud, and it works fine for me. But, like you reiterated, it must use its own home directory.
BTW, it works (in most cases) the same way with Lollipop, too.

SSH server on Android N (no root) with write access to the SD card

I want to mount all of my phone's storage read/write with ssfs, but I haven't yet found an SSH server able to do that properly. SimpleSSHD came closest, but it doesn't get write access to /storage/148C-40DE, which is my removable SD card. Also, it doesn't support setting the file attributes and date/time, which is annoying (all files I copy to the phone will have the current date/time).
It's not the protocol, because I've also tried the open source Primitive FTPD app, and it had the same problem. So back to SSH, I've tried a bunch of other free and paid apps from Play, and all had the same problem with the external SD Card, except for WiFi FTP Server, which was able to write on folders in the external SD card, but the connection kept breaking to the point of being unusable, but it did show that it's possible for a server app to offer write access to the SD card without root.
So is there a current solution to run an SSH server on Android Nougat with write access to the external SD card? The guides I've found were very old (2011).
Nothing?
I'm looking for the same thing, since I really want wireless file syncing with my microSD card, but NFS/SMB is out due to not being rooted.
This is the best one I've seen so far -- https://forum.xda-developers.com/android/apps-games/app-ssh-sftp-server-terminal-interface-t3740091 -- https://play.google.com/store/apps/details?id=net.xnano.android.sshserver
It can write to the SD card. But it does have some odd issues -- file modification times aren't kept, and mounting from windows causes an error if you have more than one root per user (workaround: I just created a user for the internal memory root and one for the SD card). But the modification time is a big problem. I haven't found any SSH server on Android that keeps modification times, where openSSH out the box does it on Linux.
In the reviews for this app someone mentioned a better app that's not on the playstore, but I couldn't find one like that.
I'm surprised no one has really gotten wireless sharing on Android working well yet (and frankly, I'm surprised it just isn't support by Android directly on the correct port numbers.

Encrypted portable microSD card in Settings; apps can't read it. Help?

Not sure if many of you are aware, but the U11 allows you to encrypt portable microSD cards in the settings, which is nice for privacy purposes. The problem is since I did that (I even rebooted after) many of my apps can't properly read or write to the microSD card. I've noticed many of said apps don't implement Google's expandable storage permissions properly either (i.e. they don't ask you to select the root directory of the microSD card in Android File Explorer so they have proper read-write access to everything.)
My questions, therefore, are:
What am I doing wrong? Is there some permission I'm missing?
Are 3rd party apps supposed to be able to work with encrypted portable storage?
Is encrypted portable storage even an AOSP feature? Or something specific to 3rd party OEMs?
Why do so many apps not implement microSD storage read/write permissions correctly?
Any ideas?

Categories

Resources