Major Android vulnerability gives apps access to sensitive data without permission

Dan Graziano
April 11th, 2012 at 3:15 PM

The security of the Android mobile platform has always been a topic of debate. Due to Google’s open ecosystem and less invasive app policing policies, researchers argue that the Google Play marketplace is home to numerous malicious apps. Reports have surfaced over the past few years that claimed even applications from legitimate companies — such as Facebook, Skype and Path — were exploiting Android permissions and secretly accessing data. Paul Brodeur of Leviathan Security had a simple question: what data can an app access when it has no permissions? What he found may be shocking.

Brodeur created a special Android application that explores what data can be harvested from a device when the app has no permissions. The researcher found that his application was able to access the SD card, various system information and unique handset identification data. Access to the SD card gave Brodeur access to every file that was not hidden, including photos, backups and any external configuration files. He states, however, that “while it’s possible to fetch the contents of all those files, I’ll leave it to someone else to decide what files should be grabbed and which are going to be boring.”

The second class of information the application was able to access was located in the /data/system/packages.list file, which let the software determine which apps are currently installed on the device. Brodeur was also able to scan each installed application’s directory to determine whether sensitive data could be read. Malware could use the same technique to find apps with weak file-permission vulnerabilities.
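The directory scan described above is the same check an app developer can run against their own app on a test device or emulator image to find files a zero-permission app could read. The following is an added example, not code from the article or from Leviathan Security; the packages.list line layout it parses (package name, UID, debug flag, data directory) is an assumption about the Gingerbread/ICS format, and the file tree it audits is a constructed fixture.

```python
"""Audit an Android app data directory for files readable by other UIDs.

Added example (not from the article or Leviathan Security). A file whose
Unix mode carries the o+r bit, e.g. one written with MODE_WORLD_READABLE,
is readable by any other installed app, permissions or not.
"""
import os
import stat
import tempfile


def parse_packages_list(text):
    """Map package name -> data dir from /data/system/packages.list.

    Assumed layout per line: "<package> <uid> <debug> <data_dir>".
    """
    apps = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            apps[fields[0]] = fields[3]
    return apps


def world_readable_files(root):
    """Return paths under root whose mode grants read access to others."""
    exposed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if stat.S_IMODE(os.lstat(path).st_mode) & stat.S_IROTH:
                exposed.append(os.path.relpath(path, root))
    return sorted(exposed)


def build_sample_app_dir(base):
    """Constructed fixture: one private file and one world-readable file."""
    os.makedirs(os.path.join(base, "shared_prefs"))
    private = os.path.join(base, "shared_prefs", "session.xml")
    leaky = os.path.join(base, "shared_prefs", "settings.xml")
    for path in (private, leaky):
        with open(path, "w") as fh:
            fh.write("<map/>\n")
    os.chmod(private, 0o600)  # what MODE_PRIVATE produces
    os.chmod(leaky, 0o644)    # what MODE_WORLD_READABLE produces
    os.chmod(base, 0o751)     # typical app data directory mode
    return base


def audit_sample():
    """Build the fixture in a temp dir and audit it; returns exposed paths."""
    with tempfile.TemporaryDirectory() as tmp:
        return world_readable_files(build_sample_app_dir(tmp))
```

Only the file written world-readable is reported; the private file keeps its 0600 mode and stays out of reach of other UIDs.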

The last piece of information Brodeur’s application was able to gather concerns the handset’s identifying information. Without the “PHONE_STATE” permission, an application cannot read the International Mobile Equipment Identity (IMEI) or International Mobile Subscriber Identity (IMSI). With no permissions, however, Brodeur’s app was still able to read the GSM and SIM vendor IDs. The researcher was also able to read the /proc/version pseudofile, which reveals the kernel version, Android ID and the name of the custom ROM installed, if there is one.

Brodeur cautions Android users about suspicious applications, noting that any installed app can perform these actions without any user interaction or permissions. The researcher goes on to note that even without the Internet permission, he was able to use a URI ACTION_VIEW Intent to open a browser and export any collected data.

The researcher’s application was tested on Android 4.0.3 Ice Cream Sandwich and Android 2.3.5 Gingerbread.
