Wednesday, April 11, 2012,
Modified: Wednesday, April 11, 2012
Refs
http://leviathansecurity.com/blog/archives/17-Zero-Permission-Android-Applications.html
"The first privileged access area is the SD Card. Every application has at least read-only access to the contents of this external storage ...
Secondly, I can fetch the /data/system/packages.list file ...
The third action I was able to take was to grab identifiable information about the device itself ...
there is one network call that can be made without any permissions: the URI ACTION_VIEW Intent opens a browser."