Android Security Vulnerability – Any Rogue App Can Get Permissions on Android Device
Android security vulnerability:
According to the latest leak, any rogue app can remove device locks from your Android phone. This recent Android security vulnerability has been tested on Android 4.0, 4.1, 4.2, and 4.3 Jelly Bean versions. Because of this flaw in the code, anyone can bypass all the activated locks on your device.
Reported, analyzed and tested by curesec, the Android lock bug exists in the com.android.settings.ChooseLockGeneric class, which is used to allow the user to modify the type of lock the Android device should have. Android devices implement several types of locks, from PINs and passwords to gestures and face recognition, which are used to lock and unlock the device.
If a user wants to change the lock settings, for example changing the PIN, the user is first required to enter the previous / existing PIN. In the code, the user is allowed to control whether the device should ask for confirmation or not. This way, the user has control over the flow, which can be used to effectively unblock the device.
"We can control the flow to reach the updatePreferencesOrFinish() method and see that IF we provide a Password Type the flow continues to updateUnlockMethodAndFinish(). Above we can see that IF the password is of type PASSWORD_QUALITY_UNSPECIFIED the code that gets executed and effectively unblocks the device." - cureblog
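The flow described above, reduced to a plain-Java model as an added example (not AOSP or curesec code): it contrasts a handler that lets the request decide whether confirmation happens with one that derives that decision from device state. `LockRequest`, `Device`, both handler names and all sample values are hypothetical; only `updateUnlockMethodAndFinish` and `PASSWORD_QUALITY_UNSPECIFIED` are names taken from the quoted analysis, and the hardened variant is an assumed correction, not the vendor's fix.

```java
// Simplified model of the lock-change flow; not Android source code.
public class LockFlowModel {
    static final int PASSWORD_QUALITY_UNSPECIFIED = 0; // name from the quoted analysis

    /** Values supplied by whoever starts the lock-settings screen (hypothetical type). */
    static final class LockRequest {
        final int callerUid;              // constructed sample value, used for auditing
        final boolean confirmCredentials; // caller-supplied: "ask for the old PIN first?"
        final int passwordQuality;        // caller-supplied lock type
        LockRequest(int callerUid, boolean confirmCredentials, int passwordQuality) {
            this.callerUid = callerUid;
            this.confirmCredentials = confirmCredentials;
            this.passwordQuality = passwordQuality;
        }
    }

    static final class Device {
        boolean lockEnabled = true;
        final String pin = "4821"; // constructed sample PIN
    }

    // Flawed: the request itself decides whether the existing PIN is checked.
    static boolean vulnerableHandle(Device d, LockRequest r, String enteredPin) {
        if (r.confirmCredentials && !d.pin.equals(enteredPin)) return false;
        return updateUnlockMethodAndFinish(d, r.passwordQuality);
    }

    // Hardened (assumed fix): confirmation depends on device state, never on the request.
    static boolean hardenedHandle(Device d, LockRequest r, String enteredPin) {
        boolean mustConfirm = d.lockEnabled;
        if (mustConfirm && !d.pin.equals(enteredPin)) {
            System.out.println("audit: rejected lock change from uid " + r.callerUid);
            return false;
        }
        return updateUnlockMethodAndFinish(d, r.passwordQuality);
    }

    static boolean updateUnlockMethodAndFinish(Device d, int quality) {
        if (quality == PASSWORD_QUALITY_UNSPECIFIED) d.lockEnabled = false; // lock removed
        return true;
    }

    public static void main(String[] args) {
        // A request that opts out of confirmation and asks for "no lock".
        LockRequest untrusted = new LockRequest(10123, false, PASSWORD_QUALITY_UNSPECIFIED);
        Device a = new Device();
        vulnerableHandle(a, untrusted, null);
        System.out.println("vulnerable flow, lock still enabled: " + a.lockEnabled);
        Device b = new Device();
        hardenedHandle(b, untrusted, null);
        System.out.println("hardened flow, lock still enabled: " + b.lockEnabled);
    }
}
```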
Here is a description of how the Android security architecture works:
"A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc." - Android