Recently, we found an interesting bug while working with one of our partners. The issue was that even though our application and the libraries needed for our application were not using the microphone permission,still we were getting notifications related to our application using the microphone.The issue was easily reproducible on their set of devices as we had tried with different OEM vendors of the same kind but could not reproduce it with the same steps.
Because we were aware that, we have never utilised microphone permission in our application as we are not using any feature related to it. We tried numerous ways to identify the bug and also to prove our point of not using microphone permission in our application. The microphone permission can be very dangerous as it can actively listen to the voice and can be used as a data leaking tool. It is a matter of data security and privacy concern and that too actively listening to a microphone without user consent is a crime in terms of data security and privacy.
While troubleshooting for this issue, we tried out on several hits and trials to find out which apis or features can internally cause this issue, as we were sure of the fact that neither our application nor its libraries or any third party libraries that we are using in our product are utilising this permission. Later, while commenting out each and every permission of our application’s manifest, we found out that somehow android.permission.ACCESS_FINE_LOCATION was involved in creating the circumstances for this issue to occur. We also came to know at this point of time as we had spent so much time on this issue that it cannot be because of location permissions and related apis alone, it definitely was the combination of permissions. So later we found out that this issue was happening because we had permission to Display over other apps (android.permission.SYSTEM_ALERT_WINDOW) and also android.permission.ACCESS_FINE_LOCATION and we were using Geofence apis for actively getting location updates for one of many features in our application. So, when we created a sample application with exactly the same combinations, we were able to reproduce the issue even with the sample application. The Notification message that was displayed stated “This app is displaying over other apps on your screen and using Microphone”.
We tried to find out this message string in AOSP code, Please refer the given below link:
Now let’s have a look at the AOSP code of AppOpsInfo.java, please refer the below link:
Code Snippet from AppOpsInfo.java AOSP code :-
private String getPrompt() {
if (mAppOps == null || mAppOps.size() == 0) {
return "";
} else if (mAppOps.size() == 1) {
if (mAppOps.contains(AppOpsManager.OP_CAMERA)) {
return mContext.getString(R.string.appops_camera);
} else if (mAppOps.contains(AppOpsManager.OP_RECORD_AUDIO)) {
return mContext.getString(R.string.appops_microphone);
} else {
return mContext.getString(R.string.appops_overlay);
}
} else if (mAppOps.size() == 2) {
if (mAppOps.contains(AppOpsManager.OP_CAMERA)) {
if (mAppOps.contains(AppOpsManager.OP_RECORD_AUDIO)) {
return mContext.getString(R.string.appops_camera_mic);
} else {
return mContext.getString(R.string.appops_camera_overlay);
}
} else {
return mContext.getString(R.string.appops_mic_overlay);
}
} else {
return mContext.getString(R.string.appops_camera_mic_overlay);
}
}
From the above code, according to our findings, based on the AOSP code, mAppOps have none, one or many of these three values only:
AppOpsManager.OP_SYSTEM_ALERT_WINDOW (24)
AppOpsManager.OP_CAMERA (26)
AppOpsManager.OP_RECORD_AUDIO (27)Because mAppOps is containing the value AppOpsManager.OP_FINE_LOCATION (1) we’re getting undesired results. Most probably somewhere in the code workflow mAppOpsManager.startWatchingActive is watching additional operations or groups which it’s not supposed to watch.