you have missed out "ded" as a reverse engineering tool. and you dont mention important research in the field to circumvent and reduce the damage caused by malware and root exploits.
-Earlence On Jan 9, 1:47 am, andreasg <[email protected]> wrote: > Hi Aditya, > > do i assume rightly that you didn´t declared the permissions to access > the api calls? > otherwise, i don´t get your point. > > the user, which is thinking to download a tic tac toe game, will be > asked to grant the permissions (read contacts, access wifi state ...) > and has the option to deny the access to his data. > > On Dec 18 2011, 3:45 pm, Aditya <[email protected]> wrote: > > > > > > > > > Hello all, > > > I'm a Mobile Security Researcher. Recently, i spoke at Clubhack, which > > is India's International > > Security conference. > > The topic i chose was "Hacking your Droid". > > If anyone is interested in the slides, here they are. > > >http://dl.dropbox.com/u/25982611/HackingyourDroid.pdf > > > Also, if anyone is interested in developing something > > or contributing in some way, we could get in touch and share ideas and > > knowledge. > > > What i coded for the POC purpose, was a malware, which faked a > > legitimate tic tac toe > > app, which once installed in the user's phone did the following > > things : > > > 1. Turn the Wifi/3g ON. > > 2. Send the IMEI and IMSI number. > > 3. Send the contacts. > > 4 .Send the call logs. > > 5. Send the text messages in inbox. > > 6. Get some specified files(this one works, only if root access is > > available) > > > All the 1-5 things could be done without even a root acess. > > What i wanted to show, is how vulnerable the Android users are. > > > The safeguards to this are only awareness and downloading apps only > > from trusted places. > > > If you want to be more careful enough, you could try reversing your > > app before use. :) > > > Thanks. > > Expecting some discussions. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
