Georgia Weidman Bypassing the Android Permission Model

Описание: When giving a security talk on the Android platform, one of the most common questions is can the permissions model be bypassed? Can an Android app, short of exploiting the phone and gaining root privileges gain additional permissions? In this talk we will look at ways attackers can bypass the permission model including: taking advantage of insecure storage practices in other installed apps, and piggybacking on other apps with insecurely implemented interfaces. Demos, code snippets and examples of apps from the Android Market with these problems will be shown. We will then discuss resources Android has in place to combat these problems and what developers and users can do to mitigate these risks.