Recently, while browsing the Google’s Android forum, I saw a post which was questioning the extent to which Android Sandbox can help prevent unwanted upload of files from the device to an external server. The only problem with the post was that it said the malicious app was granted permission to access files and storage. The user wanted to know why Sandbox won’t stop the files from being uploaded by the malicious app. We are going to talk about this in as detailed way as possible.
Understanding Android App Permissions
First of all, let us understand how the Android App permission feature work. Android provides you with a control on which app can have which permission through the App Setting page. You can open the app settings page for an app and then see what permissions were granted to it. It involves data access, location access, files and storage access, capacity to run in background as well as over other apps. Along with these, there are microphone access and other hardware access which you can grant or revoke.
When you grant internet access as well as files and media access to an app, you are allowing the app to not only look into all your files but also download or upload files to and from your device. Social media apps are best example of how an app uses the files and storage permission along with Internet access permission to upload a file from your device to the social media account.
What does Android Sandbox do to keep apps and files secure?
Now, since we have understood how the app permissions in Android work, let us talk about how Android Sandbox participate in the security feature of Android. Let us start with a small definition of what Android Sandbox is.
Android Sandbox is a core feature of Android which separates the apps from each other and lets them work as per their own permissions and environment. This helps in keeping other apps and files of the device secure and untouched by an app with lesser or different permissions. It also enables you to separately allow all apps with the permission you want them to have and not mix up.
Android Sandbox is like a locker room in which each locker is untouched of the other. When one of the locker gets compromised, it doesn’t mean that it will instantly compromise whole locker room. And the Android app permission feature is like giving the key to apps so that they can access a certain locker room but not others. This keeps the overall phone secure in case one of the apps turn malicious.
Can Android Sandbox stop an app from uploading files if the app has permissions granted?
Now, let us talk about the actual issue. What happens if an app turns malicious? What if an app that was granted network permission as well as files and storage permission starts uploading your phone’s files to a server? Will the Android Sandbox stop it?
The answer is, No. It won’t.
Why?
Because Android Sandbox cannot interfere when the app was granted permission by the phone users themselves. Android Sandbox is like a gatekeeper. It checks for the permission and if the app has the permission, Sandbox cannot do anything.
So to answer the user’s question, Android Sandbox cannot stop an app from uploading files to an external server it the app has all the required permissions from the user.
How can we make sure our phone’s files are safe from bad apps?
The answer is simple, grant permissions to apps that you trust. One of the most common reasons people face problems like their files being uploaded where they don’t want to, is that they download apps from external sources. As much as possible, and even when there is no 100% guarantee that this will prevent all kind of unwanted file uploads, try installing apps directly from the Google Play Store. Google Play Protect does perform various security checks before letting an app feature on the store.
Check this guide on How to Remove malware or unsafe software – Android.
Google Play Store usually notifies you if an app from the store has been turned malicious. It also take some measures like stopping the app from functioning or notifying the user who has installed the app.
Another measure that you can take to stop files from being uploaded is giving Android Sandbox some support by not giving permissions to random apps. If you don’t give them permission, Android Sandbox will stop those apps from uploading files anywhere at all.
Some of the permissions that need extra cautions before being granted to an app are-
- Files & Storage
- Location
- Camera
- Microphone
- Contacts
So next time you let an app see your photos, make sure that you trust the app enough. Even if you have downloaded the app from Play Store, to an extent it is possible that an app with bad intentions might have passed through the security checks. So do your own research too.
So these are some of the ideas we had about the user’s question about how effective Google Sandbox is when it comes to protect files from being uploaded externally. If you have more ideas or suggestions, email us and we will check those out. For more such guides, follow Talkshubh.
Also read this
4 Replies to “How Media Access and Internet Permissions Can Compromise Your Data Security”