[android-security-discuss] Re: Android Security and Malwares Aloha Wed Feb 01 06:02:58 2012
Hi Aditya, I am new on Android and is trying to find ways to learn more on its security. I just came across this forum and your post is the first one that attracted me. I hope you can give me some directions of where to go to understand Androids security issue better. The questions in my mind are: 1. Since Android uses sandbox that requires permission, it then put the burden on the user to ensure permissions are correctly granted to ensure security. However, many Android users may not be technology savvy and usually would grant whatever permission the application requested. This could be out of eagerness to try out a new application or just no clue at all on what permission will or will not do harm. I feel that there need to be a better way to protect the user and it should be inherently safe regardless of the sophistication of the user. Is there already some protection system or program available that can do that? I know some company sells antivirus for Android etc but to me those are just selling hope because there is no understanding provided to regular user on how it actually managed to provide the protection. There is always the fear that the antivirus itself is the that can easily do harm if it somehow has ill intention, or there is some malicious code siting even higher than the antivirus and watching its every move. 2. I read of a German company creating a secured Android by creating two partitions so that applications dont cross over. The company is called Bizztrust and is reported in http://thehackernews.com/2011/11/bizztrust-most-secure-android-phone.html . This to me sounds like sand box anyway. It also sounds like virtual machine like VM Ware kind of arrangement. Is this the better way to secure Android? If yes then can such arrangement implemented by user or developer that is not associated to the phone manufacturer? Meaning this can only be implemented at the manufacturer level? 3. I feel that to make the phone more secure it is better to learn how others could compromise it. Your "Hacking your Droid" examples are great ways to understand them. Is there any more such information out there where I could pick up? I am new on this so I need to start from simpler level, most sites I found requires quite some background knowledge to understand. Hope you can guide me a bit. PK On Dec 18 2011, 10:45 pm, Aditya <[EMAIL PROTECTED]> wrote: > Hello all, > > I'm a Mobile Security Researcher. Recently, i spoke at Clubhack, which > is India's International > Security conference. > The topic i chose was "Hacking your Droid". > If anyone is interested in the slides, here they are. > > http://dl.dropbox.com/u/25982611/HackingyourDroid.pdf > > Also, if anyone is interested in developing something > or contributing in some way, we could get in touch and share ideas and > knowledge. > > What i coded for the POC purpose, was a malware, which faked a > legitimate tic tac toe > app, which once installed in the user's phone did the following > things : > > 1. Turn the Wifi/3g ON. > 2. Send the IMEI and IMSI number. > 3. Send the contacts. > 4 .Send the call logs. > 5. Send the text messages in inbox. > 6. Get some specified files(this one works, only if root access is > available) > > All the 1-5 things could be done without even a root acess. > What i wanted to show, is how vulnerable the Android users are. > > The safeguards to this are only awareness and downloading apps only > from trusted places. > > If you want to be more careful enough, you could try reversing your > app before use. :) > > Thanks. > Expecting some discussions. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [EMAIL PROTECTED] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
- [android-security-discuss] Re: Android Security and Malwares Aloha 2012/02/01 <=
- [android-security-discuss] Re: Android Security and Malwares andreasg 2012/02/01
- [android-security-discuss] Re: Android Security and Malwares Earlence 2012/02/01