Hidden android permissions: Remote code execution and shell access using a live wallpaper

摘要

Given Android's popularity, it is likely that Android devices will be targeted with increasing frequency by malware designers, in particular by programs which are designed to steal some of the sensitive personal or financial information. This threat puts an obligation on security professionals and software developers to work to ensure that the Android platform is as secure as possible. Users of mobile devices should also be aware that the trust they grant to mobile applications they download from app stores can be exploited. In this demo paper, we present a live wallpaper app to demonstrate how trust can be exploited to gain shell access even on unrooted Android devices.