This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

[BSI][0.5.4-alpha] App Snapshots Enabled #9

Closed
BSI-TF-CWA opened this issue May 28, 2020 · 2 comments

@BSI-TF-CWA

Rating: Low

Description:
When an app is sent to the background, Android takes a snapshot of the latest view of the application and saves it on the file system. If this snapshot contains sensitive data, a malicious app can obtain such data from the snapshot.

The snapshot is saved outside of the app's sandbox, therefore any malicious app can access it only if it has root privileges or can bypass sandboxing limitations.

Proof of concept - see picture below:
android_background_snapshot

@SebastianWolf-SAP SebastianWolf-SAP transferred this issue from another repository May 30, 2020
@SebastianWolf-SAP SebastianWolf-SAP added the bug Something isn't working label May 30, 2020
@marcmuschko
Contributor

Hello @BSI-TF-CWA,

this finding has been resolved in pull request #108 (currently only dev branch), therefore I am closing this issue. If the implemented fix is not sufficient, please let us know and reopen the issue.

Thanks and best,
Marc

@ironjan
Contributor

ironjan commented Jun 18, 2020

@BSI-TF-CWA Could you clarify the following sentence for me? I can't really wrap my head around the second part (all after comma).

The snapshot is saved outside of the app's sandbox, therefore any malicious app can access it only if it has root privileges or can bypass sandboxing limitations.

Is the sentence above equivalent to "The snapshot is saved outside of the app's sandbox, and only apps with root privileges or apps that can bypass sandboxing limitations can access the snapshot"?
