Assessing implementation vulnerabilities

Given all the vulnerabilities we can find in Android apps, it is important to understand what could happen if an attacker escalates privileges from an app to the device. This section focuses on vulnerabilities in the device itself rather than in an app.

Implementation vulnerabilities are of two types:

  • Local: Vulnerabilities in the platform and in the default apps that are installed on the device
  • Remote: Vulnerabilities within the platform that might allow remote access to the device

Let's take an example of packages that are running under the UID 1000. The following screenshot shows how many apps are running under the same UID. These shared IDs can be taken advantage ...
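The following added example (not code from the book) groups installed packages by UID from the output of `adb shell pm list packages -U`, so the packages that share UID 1000 can be listed and reviewed. The sample output is constructed, and the namespace filter in `needs_review` is an illustrative assumption, not an Android rule.

```python
import re
from collections import defaultdict

SYSTEM_UID = 1000  # the UID the text uses as its example (Android's "system" UID)

# Constructed sample in the format printed by `adb shell pm list packages -U`.
SAMPLE = """\
package:com.android.settings uid:1000
package:android uid:1000
package:com.android.providers.settings uid:1000
package:com.android.phone uid:1001
package:com.android.bluetooth uid:1002
package:com.example.notes uid:10123
package:com.example.vendor.diag uid:1000
package:com.android.providers.telephony uid:1001
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+uid:(?P<uid>\d+)")


def group_by_uid(text):
    """Map each UID to the sorted list of packages that run under it."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank lines and anything that is not a package entry
            groups[int(m["uid"])].append(m["pkg"])
    return {uid: sorted(pkgs) for uid, pkgs in groups.items()}


def shared_uids(groups):
    """Keep only UIDs used by more than one package."""
    return {uid: pkgs for uid, pkgs in groups.items() if len(pkgs) > 1}


def needs_review(groups, uid=SYSTEM_UID):
    """Packages on `uid` outside the AOSP namespaces (assumed heuristic):
    vendor or third-party code sharing the system UID deserves a closer look."""
    return [p for p in groups.get(uid, [])
            if p != "android" and not p.startswith("com.android.")]


if __name__ == "__main__":
    groups = group_by_uid(SAMPLE)
    for uid, pkgs in sorted(shared_uids(groups).items()):
        print(f"uid {uid}: {len(pkgs)} packages -> {', '.join(pkgs)}")
    print("review first:", needs_review(groups))
```

Packages that share a UID run as the same Linux user, so a flaw in any one of them exposes the data and privileges of all the others under that UID.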
