Wednesday, May 25, 2011

Malicious Intent - Exploiting Android Activities to Escalate Privilege

This paper discusses an emerging risk that affects a significant portion of Android Apps on the marketplace. An introduction to the risk is offered along with real world examples. Finally solutions are offered to app developers to mitigate this risk.

Executive Summary
Privateer Labs performed a study of how Android apps can and do communicate with one another inside the Android sandbox. It was found that the majority of apps on the marketplace do not enforce permissions to prevent access to their functionality from potentially malicious apps installed by the user. During the course of this document attacks are demonstrated that allow malicious apps to acquire unwanted privileges from other, potentially more trusted apps. One such privilege is the ability to make arbitrary phone calls from the mobile or crash services that would disrupt the user experience

Download: PDF

No comments: