Android OEM's applications (in)security and backdoors ... - QuarksLAB

More documents

Recommendations

Info

Android introduction Android security model Methodology Toward a backdoor without permission Post-exploitation Plan 1 Context and objectives 2 Android introduction 3 Android security model Applications isolation The permission system 4 Methodology 5 Toward a backdoor without permission 6 Post-exploitation 7 Scope of the vulnerabilities
Android introduction Android security model Methodology Toward a backdoor without permission Post-exploitation Applications isolation One user per application Security by isolation Default behaviour: Each application has a dedicated user (and therefore an UID) on the system Special case: An application can ask to share an UID with another application sharedUserId mechanism (AndroidManifest.xml) In order to share an UID, 2 applications must be signed with the same certificate Consequences Isolation between application in memory (process) Isolation on the filesystem Don’t protect against world readable/writeable files
Page 1 and 2: Android OEM’s applications (in)se
Page 3 and 4: Android introduction Android securi
Page 25: Android introduction Android securi
Page 76 and 77:
Android introduction Android securi
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112:
contact@quarkslab.com I @quarkslab.
show all

Android OEM's applications (in)security and backdoors ... - QuarksLAB

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?