[APP] Heatmap - new app straight from the Galaxy S5 Active

Search This thread
By:
Advanced…
radekklamzynski7

radekklamzynski7

Senior Member
Feb 7, 2011
300
386
Lodz
The application area of activity, which has some useful features. You could say that this is the kind of addition to application S Health, aimed at those with active lifestyles.



Download the program Heatmap
 

Attachments

  • 1.png
    1.png
    124.3 KB · Views: 3,041
  • 2.png
    2.png
    171 KB · Views: 2,795
  • 3.png
    3.png
    86.1 KB · Views: 2,652
  • 4.png
    4.png
    65.3 KB · Views: 2,464
  • 5.png
    5.png
    95.8 KB · Views: 2,462
  • 6.png
    6.png
    99.5 KB · Views: 2,287
  • Like
Reactions: koragg97, hberntsen and dzasti1975
M

mmeidl78

Senior Member
May 6, 2010
503
211
Ulm
Looks good but needs a huge amount of permissions. Normally I'm not interested in permissions but that was 2 pages full of permission requests incl. SMS, Phonebook, etc. Why should this app need this? Anybody knows why? Don't installed it.
 
N

NZ_Nitro

Senior Member
Apr 4, 2011
298
32
mmeidl78 said:
Looks good but needs a huge amount of permissions. Normally I'm not interested in permissions but that was 2 pages full of permission requests incl. SMS, Phonebook, etc. Why should this app need this? Anybody knows why? Don't installed it.
Click to expand...
Click to collapse
not in the store either, spyware? TOO RISKY
 
Jonny

Jonny

Retired Forum Moderator
Jul 22, 2011
9,293
9,616
The reason for the permissions is because the app acts under the System User ID, therefore can access any permission the system process has access to (ie all of them).

Here is the permissions part of the Android_Manifest file - note the android:sharedUserId field:
Code: 
<manifest xmlns:android="http://schemas.android.com/apk/res/android" android:sharedUserId="android.uid.system" package="com.sec.activemode">
    <permission android:name="com.sec.activemode.compass.permission.MAPS_RECEIVE" android:protectionLevel="signature"/>
    <uses-permission android:name="com.sec.activemode.compass.permission.MAPS_RECEIVE"/>
    <uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT" android:permissionGroup="android.permission-group.SYSTEM_TOOLS" android:protectionLevel="dangerous"/>
    <permission android:name="com.android.launcher.permission.UNINSTALL_SHORTCUT" android:permissionGroup="android.permission-group.SYSTEM_TOOLS" android:protectionLevel="dangerous"/>

I will further reverse engineer this tomorrow to see if I can determine if it uses any dangerous permissions and if it really needs to operate under the system user. As a general rule of thumb I would never trust an app that operates under the system user unless I had full access to the source code - I run one of my own apps under the system user because the class it accesses isn't visible to a standard user id (acts as a shortcut to the KitKat Easter Egg on HTC phones because HTC always disable the easter eggs) but then again, I have the source code and I built it so I know its not dangerous, with this though I can't be sure
 
Last edited:
  • Like
Reactions: koragg97, rx7_guy and el7145
S

sorg

Senior Member
Sep 5, 2006
1,059
1,136
台灣
Jonny said:
The reason for the permissions is because the app acts under the System User ID, therefore can access any permission the system process has access to (ie all of them).

I will further reverse engineer this tomorrow to see if I can determine if it uses any dangerous permissions and if it really needs to operate under the system user. As a general rule of thumb I would never trust an app that operates under the system user unless I had full access to the source code - I run one of my own apps under the system user because the class it accesses isn't visible to a standard user id (acts as a shortcut to the KitKat Easter Egg on HTC phones because HTC always disable the easter eggs) but then again, I have the source code and I built it so I know its not dangerous, with this though I can't be sure
Click to expand...
Click to collapse

This app is from S5 Active ROM. This is pretty normal for system app. As a part of Samsung ecosystem it shares data between different Samsung apps.

By the way, this app uses shared user ID and protected by common signature from Samsung. If you tamper this apk, then it won't be able to install on stock ROM (unless you use core patch to eliminate signature verification). Thus, IMHO, there is no reason to pay so much attention to permissions required by this app.
 
  • Like
Reactions: Jonny
Jonny

Jonny

Retired Forum Moderator
Jul 22, 2011
9,293
9,616
sorg said:
This app is from S5 Active ROM. This is pretty normal for system app. As a part of Samsung ecosystem it shares data between different Samsung apps.

By the way, this app uses shared user ID and protected by common signature from Samsung. If you tamper this apk, then it won't be able to install on stock ROM (unless you use core patch to eliminate signature verification). Thus, IMHO, there is no reason to pay so much attention to permissions required by this app.
Click to expand...
Click to collapse

Thanks, must have been half asleep when originally investigating that, not sure how I missed it :eek: Also if its a system app it should be pushed to system/app/ or system/priv-app/ (not sure which it is on Samsung phones seeing as I don't own one but my guess would be system/priv-app/) instead of being installed.
 
You must log in or register to reply here.

Similar threads

Rick Clephas
[APP] FingerSecurity - Fingerprint lock for all apps
Replies
1K
Views
312K
romualdrichard
romualdrichard
idle0095
Post Your Galaxy S 5 Homescreens **Be Appropriate**
Replies
1K
Views
348K
M
Mahdiw.grb
X
  • Locked
[APP] UPSM Manager
Replies
154
Views
222K
c627627
c627627
Manh_IT
[Port] Galaxy S6 Apps for S5
Replies
98
Views
119K
N
Nick1602
stalli0nUK
[MOD][S5] Volume Boost [G900F] Multi TW / CM / Lollipop
Replies
687
Views
340K
Adel-17
Adel-17

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 3
    radekklamzynski7
    radekklamzynski7
    The application area of activity, which has some useful features. You could say that this is the kind of addition to application S Health, aimed at those with active lifestyles.



    Download the program Heatmap
    View
    3
    Jonny
    Jonny
    The reason for the permissions is because the app acts under the System User ID, therefore can access any permission the system process has access to (ie all of them).

    Here is the permissions part of the Android_Manifest file - note the android:sharedUserId field:
    Code: 
    <manifest xmlns:android="http://schemas.android.com/apk/res/android" android:sharedUserId="android.uid.system" package="com.sec.activemode">
    <permission android:name="com.sec.activemode.compass.permission.MAPS_RECEIVE" android:protectionLevel="signature"/>
    <uses-permission android:name="com.sec.activemode.compass.permission.MAPS_RECEIVE"/>
    <uses-permission android:name="com.google.android.providers.gsf.permission.READ_GSERVICES"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <permission android:name="com.android.launcher.permission.INSTALL_SHORTCUT" android:permissionGroup="android.permission-group.SYSTEM_TOOLS" android:protectionLevel="dangerous"/>
    <permission android:name="com.android.launcher.permission.UNINSTALL_SHORTCUT" android:permissionGroup="android.permission-group.SYSTEM_TOOLS" android:protectionLevel="dangerous"/>

    I will further reverse engineer this tomorrow to see if I can determine if it uses any dangerous permissions and if it really needs to operate under the system user. As a general rule of thumb I would never trust an app that operates under the system user unless I had full access to the source code - I run one of my own apps under the system user because the class it accesses isn't visible to a standard user id (acts as a shortcut to the KitKat Easter Egg on HTC phones because HTC always disable the easter eggs) but then again, I have the source code and I built it so I know its not dangerous, with this though I can't be sure
    View
    1
    A
    almaftoooon
    Thanks for the app, it looks nice and useful

    Sent from my SM-G900F using Tapatalk
    View
    1
    S
    sorg
    Jonny said:
    The reason for the permissions is because the app acts under the System User ID, therefore can access any permission the system process has access to (ie all of them).

    I will further reverse engineer this tomorrow to see if I can determine if it uses any dangerous permissions and if it really needs to operate under the system user. As a general rule of thumb I would never trust an app that operates under the system user unless I had full access to the source code - I run one of my own apps under the system user because the class it accesses isn't visible to a standard user id (acts as a shortcut to the KitKat Easter Egg on HTC phones because HTC always disable the easter eggs) but then again, I have the source code and I built it so I know its not dangerous, with this though I can't be sure
    Click to expand...
    Click to collapse

    This app is from S5 Active ROM. This is pretty normal for system app. As a part of Samsung ecosystem it shares data between different Samsung apps.

    By the way, this app uses shared user ID and protected by common signature from Samsung. If you tamper this apk, then it won't be able to install on stock ROM (unless you use core patch to eliminate signature verification). Thus, IMHO, there is no reason to pay so much attention to permissions required by this app.
    View

New posts