科技回声

The study is available here[0]. The gist is that an app can launder a request it isn't privileged to make through another app that is privileged and doesn't correctly check the intent sender. There are examples in Section 4.3.<p>[0] : <a href="http://people.cs.vt.edu/danfeng/papers/AsiaCCS-17-Yao.pdf" rel="nofollow">http://people.cs.vt.edu/danfeng/papers/AsiaCCS-17-Yao.pdf</a>

Or in other words: There are 35 apps that can leak your data to tons of other apps. However we're not going to tell you which ones.

I only use Nexus and Pixel devices lately, so I'm not sure if this is available on all devices, but for apps that I have any worries about (e.g. 100% of games) I have a second user, on an empty gmail account created purely for that purpose, that I switch over to. It takes less than three seconds to switch accounts, I game and get the diversion, and then switch back. The downside is that I don't get notifications, and some privileged info is still available to the apps (although I block the ability to make calls or send texts to the other number, etc), but it does greatly reduce the surface area of the exposure.

For anyone looking for the dataset:<p><a href="https://amiangshu.com/dialdroid/" rel="nofollow">https://amiangshu.com/dialdroid/</a>

FUSE does this. <a href="https://formal.tech/products/fuse" rel="nofollow">https://formal.tech/products/fuse</a>

Is there a list of the apps anywhere?

Or in other words: There are 35 apps that can leak your data to tons of other apps. However we're not going to tell you which ones.

For anyone looking for the dataset:<p><a href="https://amiangshu.com/dialdroid/" rel="nofollow">https://amiangshu.com/dialdroid/</a>

FUSE does this. <a href="https://formal.tech/products/fuse" rel="nofollow">https://formal.tech/products/fuse</a>

Is there a list of the apps anywhere?

Pairings of Android apps that leak sensitive data

6 条评论

Pairings of Android apps that leak sensitive data

6 条评论