TIL Android 8.0+ has privileged permission whitelisting:
Conversation
Replying to
It's primarily an Android 9+ feature because for the most part only Google's first party devices enabled it on Android 8. It wasn't required by the CTS before and other vendors do the bare minimum required.
I've talked about that issue in the past here:
twitter.com/search?q=ro.co
1
4
Replying to
Thanks. This gets complicated quickly on custom devices where the only way to add 3rd party apps is via OTA
1
1
Replying to
It's still possible to update privileged apps out-of-band and add new privileged permissions. The new privileged permissions just won't be granted until the OS is updated to a version with them included in the static whitelist.
1
2
An OS update was required to add a new priv-app before this feature was implemented. The difference is only that out-of-band updates to the priv-app cannot expand the permissions beyond the whitelisted set. The apps often come from a third party like a carrier.
1
2
One of the issues that this mitigates is the third party arbitrarily expanding their privileged permissions. They could release an update expanding it to the whole set of available privileged permissions on the device. It makes it so that they need permission from the OS first.
There's also no whitelisting for regular permissions requested by these apps, only the permissions that require them to be a priv-app to receive. It doesn't impact normal bundled apps that go in /system/app rather than /system/priv-app or permissions granted via signatures alone.
1
2
Replying to
Thanks! Need to look for into this more, might have to get some of it backported to 7.x