BSides Detroit 12 Interviews 05

This week we talk with Georgia Weidman. Georgia lets us in on a little bit of Android security permissions.

Abstract: When giving a security talk on the Android platform, one of the most common questions is: can the permissions model be bypassed? Can an Android app, short of exploiting the phone and gaining root privileges, gain additional permissions? In this talk we will look at ways attackers can bypass the permission model, including taking advantage of insecure storage practices in other installed apps and piggybacking on other apps with insecurely implemented interfaces. Demos, code snippets and examples of apps from the Android Market with these problems will be shown. We will then discuss resources Android has in place to combat these problems and what developers and users can do to mitigate these risks.

This episode is cross-posted at Rats and Rogues.