13

I am currently developing an app that reads out SMS/Emails while driving. Many users wished support for WhatsApp / KakaoTalk.

However, as there is no "official" way to receive their messages, there would be only three options, all requiring root:

The easier way of scanning their database in a given intervall.

  • Easy to implement.
  • However not battery efficient
  • Also the messages are not read out immediately.

An other way would be to run a service with root rights and register a receiver that listens for their push notifications. This has to be done with root, as both packages require a signature based permission for receiving their push notifications.

  • Harder to implement
  • Better user experience

Also another thing came to my mind: Would it be possible to manually add permissions to an APK after installing? In that case I could add the c2dm permissions to my package.

  • This would make things very easy
  • However, I am a little bit scared of changing my app's permissions, as this is completely against the Android Sandbox principle.
  • Still, if it would be possible, let me know!

The problem is, how exactly do I run a service with root rights (is it actually possible)? I know how to run shell commands or binaries with root, but I have no idea how to start a part of an APK as root.

Also, would it be possible to integrate a BroadcastReceiver into a binary? I have actually no experience with C/C++, especially in an android environment.

Can you help me with that? Thanks.

edit: Like I said in the comment, I do not want to use an AccesibilityService, as it does not fit my needs (eg it will give me "2 unread messages" if more then one is unread, also it does not include the full body).

edit2: Just to clarify things: I know how to run commands with root. What I need to know is how to register a Broadcastreceiver, that receives a specific broadcast "normal" receivers don't get, as the Broadcast itself requires a signature based permission I don't have.

Force
  • 6,312
  • 7
  • 54
  • 85
  • I do not know how to run a binary as root, but that should be the starting point. Unfortunately, as far as I know you CANNOT register a BroadcastReceiver you do not have permission for even WITH root. The reason being, any process you run with UID 0 will be isolated and NOT within Android's Zygote, so no Context and thus no option for a BroadcastReceiver. That being said, I'm far from certain of this. – Tom Jan 04 '13 at 02:24

7 Answers7

3

This is far from trivial but should work when the apps you want to monitor use sqlite databases or, more generically, write messages to a file when they arrive.

You will indeed need to have root access to the device as this violates the android security system:

Write a native process which runs as a daemon using the NDK and spawn it once after boot as root. You have now 3 major problems to solve:

How to find out if something changed?

This is the easy part. You would need to utilize the Linux inotify interface which should be accessible on every Android phone as the SDK has a FileObserver since API 1, so you are on the safe side here.

Another interesting approach may be to catch the C2DM messages. I have found a NDK class called BroadcastReceiver, so the NDK may be able to catch them. But I personally wouldn't do that as it feels wrong to steal intents. Also you would have to redistribute them or let them travel to real recipient, so I will not describe this in detail here. It may work, but it may be harder and should only be a fallback.

So, when you have solved this, the next problem arises:

How to read the changes in a safe way?

You have a problem, a big one, here. The file doesn't belong to the client, and the client doesn't even have the permission to know where it is (normally). So the monitored app is not aware of the client and will act like the file is exclusively owned only by itself. If they use some plain old textfile to write messages to you have to find out a way to read from it safely as it may be overwritten or extended at any time. But you may be lucky when they use sqlite, according to this it's totally valid to have more than one simultaneous reader, just only one writer. We are in the specs, everything fine again. When you have now read out the new data, more problems to solve:

How to get the new data back into the main app?

You should do only the bare minimum in this C/C++ program because it runs as root. You should also protect your app users from security breaches, so please write the program with this in mind. I have no real idea for this could work really good, but here are some thoughts:

  • Write the collected data into your own sqlite database (easy in C/C++ and Java),
  • Write the collected data into a plain file (not recommended at all, pain in the rear),
  • Send an Intent which contains the new data (maybe not that easy in C/C++, but easy in Java)
  • Use sockets/pipes/..., just every RPC mechanism you could imagine which is brought to you by Linux (same as the file, don't do it)

As stated in the text above, please be careful when you write this daemon as it is a potential security hazard. It may be hard to do this when you have no knowledge about C/C++ at all, even if you have written simple programs this should be a non trivial task.

On my search through the web I have found the NDK C++ classes I mentioned above. It can be found at Google code. I have neither experience with the NDK nor the C++ wrapper but it may be worth a look when you plan to write this.

Allen Luce
  • 7,859
  • 3
  • 40
  • 53
Luminger
  • 2,144
  • 15
  • 22
2

running something as root is not the right way of solving this.

instead, consider an accessibility service that can watch for new notifications:

AccessibilityEvent

Force
  • 6,312
  • 7
  • 54
  • 85
Jeff Sharkey
  • 2,473
  • 1
  • 17
  • 10
  • Thanks for your answer. I have already considered using the Accessibility approach, but the problem is, that I need the **full body** of the message, not just the title and the first words. ;-) Also, if more then one message is received, it would only read out "2 new messages" and won't give me any information at alll. – Force Feb 05 '12 at 21:00
2

Force, I must tell you that an Android Service do not require root access instead some actions(i.e. Access, Read, Write system resources) requires Root Permissions. Every Android Service provided in Android SDK can be run without ROOT ACCESS.

You can make the actions to execute with root permissions with the help of shell commands.

I have created an abstract class to help you with that

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import android.util.Log;

public abstract class RootAccess {
    private static final String TAG = "RootAccess";
    protected abstract ArrayList<String> runCommandsWithRootAccess();

    //Check for Root Access
    public static boolean hasRootAccess() {
        boolean rootBoolean = false;
        Process suProcess;

        try {
            suProcess = Runtime.getRuntime().exec("su");

            DataOutputStream os = new DataOutputStream(suProcess.getOutputStream());
            DataInputStream is = new DataInputStream(suProcess.getInputStream());

            if (os != null && is != null) {
                // Getting current user's UID to check for Root Access
                os.writeBytes("id\n");
                os.flush();

                String outputSTR = is.readLine();
                boolean exitSu = false;
                if (outputSTR == null) {
                    rootBoolean = false;
                    exitSu = false;
                    Log.d(TAG, "Can't get Root Access or Root Access deneid by user");
                } else if (outputSTR.contains("uid=0")) {
                    //If is contains uid=0, It means Root Access is granted
                    rootBoolean = true;
                    exitSu = true;
                    Log.d(TAG, "Root Access Granted");
                } else {
                    rootBoolean = false;
                    exitSu = true;
                    Log.d(TAG, "Root Access Rejected: " + is.readLine());
                }

                if (exitSu) {
                    os.writeBytes("exit\n");
                    os.flush();
                }
            }
        } catch (Exception e) {
            rootBoolean = false;
            Log.d(TAG, "Root access rejected [" + e.getClass().getName() + "] : " + e.getMessage());
        }

        return rootBoolean;
    }

    //Execute commands with ROOT Permission
    public final boolean execute() {
        boolean rootBoolean = false;

        try {
            ArrayList<String> commands = runCommandsWithRootAccess();
            if ( commands != null && commands.size() > 0) {
                Process suProcess = Runtime.getRuntime().exec("su");

                DataOutputStream os = new DataOutputStream(suProcess.getOutputStream());

                // Execute commands with ROOT Permission
                for (String currentCommand : commands) {
                    os.writeBytes(currentCommand + "\n");
                    os.flush();
                }

                os.writeBytes("exit\n");
                os.flush();

                try {
                    int suProcessRetval = suProcess.waitFor();
                    if ( suProcessRetval != 255) {
                        // Root Access granted
                        rootBoolean = true;
                    } else {
                        // Root Access denied
                        rootBoolean = false;
                    }
                } catch (Exception ex) {
                    Log.e(TAG, "Error executing Root Action", ex);

                }
            }
        } catch (IOException ex) {
            Log.w(TAG, "Can't get Root Access", ex);
        } catch (SecurityException ex) {
            Log.w(TAG, "Can't get Root Access", ex);
        } catch (Exception ex) {
            Log.w(TAG, "Error executing operation", ex);
        }

        return rootBoolean;
    }


}

Extend your class with RootAccess or create an instance of RootAccess class and Override runCommandsWithRootAccess() method.

Vivek
  • 11,938
  • 19
  • 92
  • 127
  • 1
    Thanks a lot for you answer! Like I said above, I know already how to run root commands. The reason why I want to run a service with root, is that I need to register a BroadcastReceiver that would need a signature level permission I don't have. So a better formulated question would be probably "is there a way of running a Broadcast Receiver with root rights" – Force Feb 07 '12 at 11:43
  • Have you tried `adb push`:ing your APK in a rooted & remounted device into the `system/app` folder & then rebooting the device? – Jens Feb 08 '12 at 10:08
  • @sam: I would change the above to `rootBoolean = (process.waitFor() != 0) ? false : true;` as rooted devices will return zero and one for non-rooted devices. `255` will not work in all situations. :) – ChuongPham Feb 03 '13 at 17:30
1

It is not possible to run a Service (or any other application component for that matter) as root, if you are targeting unaltered, non-rooted devices. Allowing that would make all security mechanisms in Android pointless.

It is not possible to alter the permissions of an APK at runtime either. Permissions are always granted or rejected at APK install-time. Please refer to http://developer.android.com/guide/topics/security/security.html for some more info on the subject.

Martin Nordholts
  • 10,338
  • 2
  • 39
  • 43
  • I know that it is not possible to run root commands on unrooted devies. But it would be definitely possible to modify a package's permissions with root, as every apk has an own **user**-id, which has the permissions stored. So in order to change the permissions, one need to alter the user database (probably a file in /etc/?) – Force Feb 06 '12 at 15:57
  • And obviously the Developer Guide won't give any advice on root related stuff, so we can't refer to it as a valid source. – Force Feb 06 '12 at 17:16
  • If you are targeting rooted devices, check the accepted answer to http://stackoverflow.com/questions/5293615/how-can-i-get-root-permissions-through-the-android-sdk and in particular the link in the answer. – Martin Nordholts Feb 06 '12 at 20:37
  • Please read the whole question! I already said that **I know how to run shell commands or binaries with root.** – Force Feb 06 '12 at 20:54
  • 1
    I apologize if I don't understand your question, but by following the above you can write a service that runs with root rights, which seems to be what you want. After doing `Runtime.getRuntime().exec("su")` (and possibly waiting for confirmation by the user), the process that makes the call will run with root privileges afterwards. By making the call in the same process that your service runs in, the service will run with root privileges. Isn't that what you want? – Martin Nordholts Feb 07 '12 at 08:20
  • @MartinNordholts - no, this will not let the application or service's process run as root - it will only let *some other* process it starts run as root, and that is now that the poster seeks to do. – Chris Stratton Oct 03 '13 at 17:02
1

"What I need to know is how to register a Broadcastreceiver, that receives a specific broadcast "normal" receivers don't get, as the Broadcast itself requires a signature based permission I don't have."

You can't. Period. End of story. And thank ghod for that.

Yes, if you use the scary rooted device facilities to have some code run as root, you can in theory do whatever you want. In practice, it may be quite hard to get around this restriction, and the platform is often designed to be that way. You will at the very least need to mess around with the state maintained and/or stored by the package manager, and will likely need to cause the user to reboot the device to get changes you make as root to actually have an impact. And of course you are then messing with deeply internal implementation details of the platform, which means breaking all over the place across different versions of the platform and different builds from different manufacturers.

hackbod
  • 90,665
  • 16
  • 140
  • 154
-1

you can use 

pm grant your.permission

as a shell command to grant additional permissions to your app. I think that command was added quite recently, so if you target older versions you may have to directly alter the 'packages.xml'.

It is possible to execute an app/dex file as root with the app_process command, but I haven't figured out yet how to get a valid context (with this you can use the java.io.File api to access all files, but non static android methods like bindService etc. will fail because you are running without an app context).

user765269
  • 311
  • 1
  • 4
  • 12
  • 1
    Not all permissions can be granted with this command. Got this message: Operation not allowed: java.lang.SecurityException: Permission android.permission.MODIFY_PHONE_STATE is not a development permission – Bao Le Oct 29 '13 at 07:12
  • @BaoLe So how should we do for these permissions?! – Dr.jacky Feb 27 '16 at 08:45
-2

Of course you can change the permissions of your applications. If the permissions will be changed, the user will just have to manually update the app, and the new permission will be displayed to the user. But I do not exactly know how changing your app permission will help you in solving this problem.

Another thing I can tell you, is that you can not run a Service or whatever as root, only on rooted devices, and it will not be an easy task to root the devices through your application, and also it won't be something that many user will want.

How are you currently accessing the SMS? If you have a BroadcastReceiveryou could set the MAX_PRIORITY for your receiver and maybe it will intercept the messages before other applications. This can be done as follows:

   <receiver android:name=".SmsReceiver" >
        <intent-filter android:priority="100" >
            <action android:name="android.provider.Telephony.SMS_RECEIVED" />
        </intent-filter>
    </receiver>

You could also use the SMS Provider, which is not public now but maybe if you query at a given interval this Provider you can check for new messages. You could also have a look at this thread : Android SMS Provider if you have not done this allready.

Community
  • 1
  • 1
Ovidiu Latcu
  • 71,607
  • 15
  • 76
  • 84
  • Thanks for your reply. Like I said, I know that the device must be rooted before. Also it is not about processing SMS, but C2DM with signature based permissions. You said, it is possible to add these - can you please give an example? – Force Feb 10 '12 at 17:11