Pi and More

Willkommen

Herzlich willkommen auf meiner Homepage. Mögest du interessante Artikel und Informationen finden!

Welcome to my homepage! While some texts are written in German, the most interesting articles are available in English.

24.06.14

Possible Android Security Bug?

androidsecurityI just filed this bug (not public) in the Android bug tracker. It allows anyone to see the screen contents of the foreground app even if the screen is locked. - Steps to reproduce the problem (including sample code if appropriate).
Open some app. Lock the screen or wait until it is locked (such that a gesture is needed to unlock it). Turn the phone into horizontal (landscape) mode. Open the camera app, press the power button, wait about a second, press it again.
- What happened.
The camera app restarts. During the process, for about a second, it shows the app that was running in the user's session.
- What do you think the correct behavior should be.
The app should not be visible at all. With this attack, an adversary has plenty of time to read any information displayed in the app.
Note that this attack does not work (as far as I could see) when the phone is in portrait orientation.
- Don't forget to mention which version of Android you're using, and/or which device the problem appears on (model and Android version).
Nexus 5 with Android 4.4.4


Is this bug reproducible for anyone? Is it already known?

The (public) list of security bugs (including the fixed ones) in the bug tracker seems very short, which seems strange.

Alle Blogbeiträge ansehen

Neueste Artikel

Advanced Geocaching Tool for Android

02.08.12

AGTL was ported to Android.

Advanced Geocaching Tool for Android

Advanced Geocaching Tool for Meego/N9

23.01.12

AGTL, developed originally for the Openmoko Freerunner and now in active development on the Nokia N9, is the all-in-one solution for on- and offline geocaching and makes geocaching paperless!

Advanced Geocaching Tool for Meego/N9