He said during testing that he was able to read some files belonging to other apps. He then fetched the /data/system/packages.list file to which apps were installed on the device and scanned the directories to determine whether sensitive information could be read from those directories. “While it´s possible to fetch the contents of all those files, I´ll leave it to someone else to decide what files should be grabbed and which are going to be boring,” he said. Brodeur said he found that OpenVPN certificates were stored on his own device´s SD card. On the SD card, Brodeur´s app yielded a list of all non-hidden files, including photos, backups, and external configuration files. Leviathan Security Group researcher Paul Brodeur explained in a blog post earlier this week that he created a proof-of-concept to demonstrate that “no permissions” apps still have access to the device´s SD card, handset identification data, and files stored by other apps. Thanks in large part to Android´s history of lax app policing, Google´s mobile operating system has been criticized as insecure.īut now it appears that apps with no permissions pose a new threat, gaining access to sensitive personal information without authorization. Security researcher publishes proof-of-concept app to demonstrate security issue in Google´s mobile operating system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |