It's more the principle of the permission system being violated than the actual problems caused by it.
On Fri, May 15, 2009 at 5:59 PM, birjodh tiwana <[email protected]> wrote: > > To gather the information about what websites the user visits you dont even > to read these files. Browser history is open to all the applications, i > think it can be read by a query on > a browser database. > > On Fri, May 15, 2009 at 6:27 AM, Aubrey-Derrick Schmidt > <[email protected]> wrote: >> >> Hi, >> >> we discovered the same issue. Being able to violate the permission is >> definitely concerning. >> >> BR, >> Aubrey >> >> [email protected] wrote: >> > Hi All, >> > >> > Whilst experimenting with naive apps etc I realized that there are no >> > restrictions on reading /proc or /sys/. From /sys/class/power_supply/ >> > battery/capacity I can get the amount of charge because all users have >> > read permission. >> > >> > ls -l /sys/class/power_supply/battery/capacity >> > -r--r--r-- root root 4096 2008-11-21 23:05 capacity >> > >> > Whilst this is not a direct security threat it appears this should be >> > prohibited by android.permission.BATTERY_STATS. i.e. It's a violation >> > of the permission system. >> > >> > Also being able to gather information from /proc/net it appears that >> > some read aspects of android.permission.ACCESS_NETWORK_STATE and >> > android.permission.ACCESS_WIFI_STATE are being violated. >> > >> > $ ls -l /proc/net/tcp >> > -r--r--r-- root root 0 2008-11-23 13:16 tcp >> > $ cat /proc/net/tcp >> > sl local_address rem_address st tx_queue rx_queue tr tm->when >> > retrnsmt uid timeout >> > inode >> > 0: 6900A8C0:887C 0100A8C0:0050 >> > 1: 6900A8C0:DD8F 0100A8C0:0050 >> > 2: 6900A8C0:ACFB 0100A8C0:0050 >> > 3: 6900A8C0:C734 0100A8C0:0050 >> > where c0 = 192, a8 = 198, 00 = 0, 01 = 1. and 50 = tcp port 80. >> > >> > $ cat /proc/net/dev >> > tiwlan0: 366602 314 0 0 0 0 0 0 >> > 28948 339 (WiFi enabled) >> > rmnet0: 67757 168 0 0 0 0 0 0 >> > 128781 193 (GPRS enabled) >> > >> > If I wrote a service with android.permission.RECEIVE_BOOT_COMPLETED >> > and android.permission.INTERNET I could continually monitor /proc >> > these and gather information about what sites a user visits, without >> > permission, and then export the info using the internet. Obviously >> > this is not a huge security threat, but I think there are some issues >> > here. >> > >> > What do you think? >> > >> > Chris >> > >> > > >
