From 0962383b460aaf41480a535f2864fd14d51ad727 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Donncha=20=C3=93=20Cearbhaill?=
 <donncha.ocearbhaill@amnesty.org>
Date: Thu, 30 Jan 2025 11:48:19 +0100
Subject: [PATCH] Alert on potentially suspicious permissions from ADB

---
 src/mvt/android/artifacts/dumpsys_appops.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/mvt/android/artifacts/dumpsys_appops.py b/src/mvt/android/artifacts/dumpsys_appops.py
index 12c8114..98561b4 100644
--- a/src/mvt/android/artifacts/dumpsys_appops.py
+++ b/src/mvt/android/artifacts/dumpsys_appops.py
@@ -55,6 +55,11 @@ class DumpsysAppopsArtifact(AndroidArtifact):
                         result["package_name"],
                     )
 
+            if result["package_name"] == "com.android.shell":
+                self.log.warning(
+                    "Risky package com.android.shell requested a permission"
+                )
+
     def parse(self, output: str) -> None:
         self.results: List[Dict[str, Any]] = []
         perm = {}