Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them
Bernhard Tellenbach, Thomas Sutter at Black Hat Europe 2019
This simple to implement spyware shows that Androids permission model can't prevent an excessive use of permissions and that the limitations do not prevent the collection of the user's sensitive data. In order to prevent such attacks, it would be necessary to constantly monitor the apps permission usage or to revoke the permissions after every use. Such prevention mechanisms already exist but aren't widely used, which sets the users privacy and security at risk. We will show what users can do in order to guard themselves against such spyware attacks. Furthermore, we will introduce our solution ideas to detect such spyware on Android.
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#simple-spyware-androids-invisible-foreground-services-and-how-to-abuse-them-17738
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefings/schedule/#simple-spyware-androids-invisible-foreground-services-and-how-to-abuse-them-17738