Today i am releasing the paper which i presented recently at C0C0N conference at ernakulam. this paper outlines where security misconfiguration that can lead to device compromise, data theft and so on.
Hope this helps in secure development and deployment of custom ROM’s.
http://anantshri.info/articles/android_cust_rom_security.html
The link contains download for both my slidepack as well as the complete whitepaper.
also a crude application is created and uploaded on android market which can help in identifying the issue.
https://market.android.com/details?id=anant.hax.aui
October 18th, 2011 at 1:44 am
Nice paper dude…
I liked the perspective and the way you have explained.
The best i liked was the android stack picture
October 19th, 2011 at 8:34 pm
Hi Anant;)
After i´ve read your white paper i got 2 conclusions:
1. you`re absolutely right and explain it as it should but…
2. If Devs consider all that why develop anything?
As principle i think you´re right but that fact is if any rom will be developed as “closed” almost anyone use it and no matter what make you develop you certain won´t develop for 1/2 guys/gals. For that we have stock ones:)
Now. I can agree with something like a big alert on every rom development section/thread about the potential risk by install an “open” rom but more than that it will kill all development in the end;)
Cheers pal
rendeiro2005 (Crowds)
October 22nd, 2011 at 12:56 am
Good work, I think these issues are not emphasized enough. The vulnerability with custom recovery alone is putting people at great risk. Another thing to check for is whether the custom ROM was signed with the test keys that come with the source as some are. It allows an attacker to sign their malware with the same keys and get access to system permissions.
October 28th, 2011 at 1:55 pm
hm good work still you have to work something more
November 1st, 2011 at 1:08 pm
Hi Amit,
Thanks for taking time to read it.
however can you help me in understanding what exactly were you looking at and didn’t found it satisfactory.