FYI the last time I "elevated access" to a device I did it with a simple command-line app - no apk wrapper. (Saved it to a writable directory on /data and ran it from adb shell.)
There isn't anything inherently more secure about the lower level interfaces to prevent someone from writing an exploit that doesn't need an android app. (For that matter, most of the 'root required' apps are merely android wrappers around commandline tools..) On Wed, Aug 3, 2011 at 4:01 AM, patrick Immling <[email protected]>wrote: > Thanks a lot for all your responses. > > @Chris: So the ONLY way exploits gets into the Android is by means of Apps. > Or to elaborate, even native exploits are hidden inside an apk and then > distributed. What about manipulating some library and letting users use this > .so? Is it even possible? And since any App calling this library would say, > get root permission and do some damage?? > I am only musing loudly as to what possibilities exist to attack android. > > @Kevin:Users must be given fine grained revokeable control of > > apps. What users care about and what needs securing is almost always > under their default priviledges anyway. Good one :) > > > On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: > On Tue, 2 Aug 2011 10:02:01 +0200 > patrick Immling <[email protected]> wrote: > > > And the way to break down the Android is to rip through the security > barrier > > is to find a way to compromise it is through a privilege escalation. > > The main thing attackers need root for is to hide a backdoor or activity > away and make sure your device stays under their control forever or > maybe to upgrade your device to avoid the exploits providers subject > you to. As demonstarted by Windows most attacks aren't that > sophisticated. Users must be given fine grained revokeable control of > apps. What users care about and what needs securing is almost always > under their default priviledges anyway. > > > > On Tue, Aug 2, 2011 at 8:21 PM, Kevin Chadwick <[email protected]>wrote: > >> On Tue, 2 Aug 2011 10:02:01 +0200 >> patrick Immling <[email protected]> wrote: >> >> > And the way to break down the Android is to rip through the security >> barrier >> > is to find a way to compromise it is through a privilege escalation. >> >> The main thing attackers need root for is to hide a backdoor or activity >> away and make sure your device stays under their control forever or >> maybe to upgrade your device to avoid the exploits providers subject >> you to. As demonstarted by Windows most attacks aren't that >> sophisticated. Users must be given fine grained revokeable control of >> apps. What users care about and what needs securing is almost always >> under their default priviledges anyway. >> >> -- >> Kevin Chadwick <[email protected]> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Android Security Discussions" group. >> To post to this group, send email to >> [email protected]. >> To unsubscribe from this group, send email to >> [email protected]. >> For more options, visit this group at >> http://groups.google.com/group/android-security-discuss?hl=en. >> >> > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
