Hi All,

Whilst experimenting with naive apps etc I realized that there are no restrictions on reading /proc or /sys/. From /sys/class/power_supply/battery/capacity I can get the amount of charge because all users have read permission.

    ls -l /sys/class/power_supply/battery/capacity
    -r--r--r-- root root 4096 2008-11-21 23:05 capacity

Whilst this is not a direct security threat it appears this should be prohibited by android.permission.BATTERY_STATS, i.e. it's a violation of the permission system.

Also, being able to gather information from /proc/net, it appears that some read aspects of android.permission.ACCESS_NETWORK_STATE and android.permission.ACCESS_WIFI_STATE are being violated.

    $ ls -l /proc/net/tcp
    -r--r--r-- root root 0 2008-11-23 13:16 tcp

    $ cat /proc/net/tcp
    sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
    0: 6900A8C0:887C 0100A8C0:0050
    1: 6900A8C0:DD8F 0100A8C0:0050
    2: 6900A8C0:ACFB 0100A8C0:0050
    3: 6900A8C0:C734 0100A8C0:0050

where c0 = 192, a8 = 198, 00 = 0, 01 = 1, and 50 = tcp port 80.

    $ cat /proc/net/dev
    tiwlan0: 366602 314 0 0 0 0 0 0 28948 339 (WiFi enabled)
    rmnet0: 67757 168 0 0 0 0 0 0 128781 193 (GPRS enabled)

If I wrote a service with android.permission.RECEIVE_BOOT_COMPLETED and android.permission.INTERNET I could continually monitor these /proc files and gather information about what sites a user visits, without permission, and then export the info using the internet.

Obviously this is not a huge security threat, but I think there are some issues here. What do you think?

Chris
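Added example, not part of the original post: an audit helper that decodes the hex endpoint columns of /proc/net/tcp quoted above and tests a file mode for the world-read bit seen in the listings, to show what such a file exposes. The function names are illustrative, the sample rows are the ones quoted in the post, and a little-endian CPU is assumed.

```python
import socket
import stat
import struct

# The four rows quoted in the post; columns after rem_address were not shown there.
SAMPLE = """\
sl local_address rem_address
0: 6900A8C0:887C 0100A8C0:0050
1: 6900A8C0:DD8F 0100A8C0:0050
2: 6900A8C0:ACFB 0100A8C0:0050
3: 6900A8C0:C734 0100A8C0:0050
"""

def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' from /proc/net/tcp into (dotted_ip, port)."""
    addr_hex, port_hex = field.split(":")
    if len(addr_hex) != 8:
        raise ValueError("not an IPv4 endpoint: %r" % field)
    # Assumption: little-endian CPU (ARM Android, x86). The kernel prints the
    # network-order address as a native integer, so the bytes appear reversed.
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)  # the port is printed in ordinary hex

def parse_proc_net_tcp(text):
    """Return [(local, remote), ...]; skip the header and malformed rows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].rstrip(":").isdigit():
            continue  # header line or truncated row
        try:
            rows.append((decode_endpoint(fields[1]), decode_endpoint(fields[2])))
        except ValueError:
            continue  # e.g. a non-hex field
    return rows

def world_readable(mode):
    """True if the 'other' read bit is set, as in the -r--r--r-- listings."""
    return bool(mode & stat.S_IROTH)

if __name__ == "__main__":
    for local, remote in parse_proc_net_tcp(SAMPLE):
        print("%s:%d -> %s:%d" % (local + remote))
```

On a device, pass the contents of /proc/net/tcp and `os.stat(path).st_mode` to the same functions.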
