Hi Aditya,

Do I assume rightly that you didn't declare the permissions to access
the API calls?
Otherwise, I don't get your point.

The user, who is thinking of downloading a tic tac toe game, will be
asked to grant the permissions (read contacts, access wifi state ...)
and has the option to deny the access to his data.



On Dec 18 2011, 3:45 pm, Aditya <[email protected]> wrote:
> Hello all,
>
> I'm a Mobile Security Researcher. Recently, I spoke at Clubhack, which
> is India's International
> Security conference.
> The topic I chose was "Hacking your Droid".
> If anyone is interested in the slides, here they are.
>
> http://dl.dropbox.com/u/25982611/HackingyourDroid.pdf
>
> Also, if anyone is interested in developing something
> or contributing in some way, we could get in touch and share ideas and
> knowledge.
>
> What I coded for the POC purpose was a malware, which faked a
> legitimate tic tac toe
> app, which once installed in the user's phone did the following
> things:
>
> 1. Turn the Wifi/3g ON.
> 2. Send the IMEI and IMSI number.
> 3. Send the contacts.
> 4. Send the call logs.
> 5. Send the text messages in inbox.
> 6. Get some specified files (this one works only if root access is
> available)
>
> All the 1-5 things could be done without even a root access.
> What I wanted to show is how vulnerable the Android users are.
>
> The safeguards to this are only awareness and downloading apps only
> from trusted places.
>
> If you want to be more careful, you could try reversing your
> app before use. :)
>
> Thanks.
> Expecting some discussions.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Security Discussions" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/android-security-discuss?hl=en.
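
An added example, not part of either poster's message: the permission check both messages turn on, run over a decoded `AndroidManifest.xml` before installing. It assumes the manifest is already in plain XML (for instance as decoded by apktool); the sample manifest, the package name and the permission-to-data mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission -> what it unlocks (items 1-5 of the quoted list). On 2011-era
# Android the call log was covered by READ_CONTACTS; READ_CALL_LOG came later.
SENSITIVE = {
    "android.permission.CHANGE_WIFI_STATE": "toggle Wi-Fi",
    "android.permission.CHANGE_NETWORK_STATE": "change network connectivity",
    "android.permission.READ_PHONE_STATE": "IMEI / IMSI",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.READ_SMS": "SMS inbox",
}
EGRESS = "android.permission.INTERNET"

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml, expected=frozenset()):
    """Flag sensitive permissions the app's stated purpose does not explain."""
    perms = requested_permissions(manifest_xml)
    unexpected = [(p, SENSITIVE[p]) for p in sorted(perms)
                  if p in SENSITIVE and p not in expected]
    # Sensitive reads only leave the device if the app can also reach the network.
    return {"unexpected": unexpected,
            "can_exfiltrate": bool(unexpected) and EGRESS in perms}

# Constructed sample: a "tic tac toe" manifest asking for far more than a game needs.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.tictactoe">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CHANGE_WIFI_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="Tic Tac Toe"/>
</manifest>"""

if __name__ == "__main__":
    report = audit(SAMPLE_MANIFEST)
    for perm, unlocks in report["unexpected"]:
        print(f"unexpected for a game: {perm} ({unlocks})")
    print("can send data off the device:", report["can_exfiltrate"])
```

Pass the permissions a given app category legitimately needs as `expected` to keep the report to the ones that need a closer look.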
