Week 8 Flashcards
Security Model in Android Applications
Android apps are complex and can have unintentional vulnerabilities if developers don’t grasp security mechanisms.
Testing strategies include assessing the app sandbox/container, app communications, and connected servers for weaknesses.
Holistic testing is crucial to identify vulnerabilities throughout the app ecosystem.
Exposing Security Model Quirks
The Android security model has unique features.
Components can be “exported,” allowing interaction with other apps on the same device.
Export status matters for non-system apps, not for root/system users who can access components regardless.
Default Export Behavior
Changes in Android versions affect content provider default settings.
Content providers may be automatically exposed based on Android version and targetSdkVersion.
Permission Protection Levels
Custom permissions with signature protection prevent unauthorized access.
Malicious apps defining permissions first can lead to protection level downgrade attacks.
A Closer Look at Intents
Intents are data objects defining tasks in Android apps.
Explicit and implicit intents exist; explicit specifies the target, while implicit relies on the OS for resolution.
Components must handle incoming intents; “Intent Sniffing” can capture sensitive information.
Sieve: A Target Application
Sieve, a training app with intentional vulnerabilities, functions as a password manager.
Drozer tools can identify Sieve’s exported components and vulnerabilities.
Exploiting Activities
Activities are crucial for app functionality and security.
Insecure developer practices can lead to security vulnerabilities, allowing unauthorized access.
Activities, whether exported or not, can be started by privileged users.
Tapjacking
Tapjacking is a mobile security threat involving deceptive UI overlays.
It exploits “toasts” to misdirect user clicks to unintended actions.
Manufacturers like Samsung address tapjacking at the OS level.
Proof-of-Concept Application for Tapjacking Testing
Caitlin Harrison’s proof-of-concept app tests tapjacking vulnerability by displaying custom toasts.
Users can interact with the target app while the toast is visible.
Some manufacturers, like Samsung, have implemented OS-level protection against tapjacking.
Intent Resolution
Intent resolution matches the intent against intent filters using three criteria:
Action: The general action to perform.
Data: Data type, URI, etc.
Category: Additional info on the action.
Components receiving intents have specific requirements, crucial for attackers to consider.