So I've been working on Android security for a little while now and just saw something today which seemed a little unexpected. I thought I'd see if any of you have an idea as to why this is the way it is. As I understand it, the mnt/asec folder is used for apps installed under forward lock restriction. I believe that this is linked to Jelly Bean and to the encrypted app feature added into that version of the platform. Is that right?
I had reason today to stumble across that folder (mnt/asec) and noticed that the permissions seem reasonably open. I wondered if anyone knew why. So, on my Galaxy Nexus device with a clean flash of yakju-jzo54k Jelly Bean Stock ROM the user permissions are set up as follows (I've sanitised folder and file names where necessary):

So /mnt/asec is set up as:

    drwxr-xr-x root system /mnt/asec

Inside there, an app is installed into a folder as:

    drwxr-xr-x system system /mnt/asec/com.appdeveloper.app-1

Inside the app folder are other folders and files as:

    drwxr-xr-x system system /mnt/asec/com.appdeveloper.app-1/lib
    -rw-r--r-- system system /mnt/asec/com.appdeveloper.app-1/lib/ndk.so
    -rw-r------ system u0_a60 /mnt/asec/com.appdeveloper.app-1/pkg.apk
    -rw-r--r-- system system /mnt/asec/com.appdeveloper.app-1/res.zip

What's surprised me is the world readable permissions. Why are these needed? When these files are installed under the /data folder, there is no immediate way for any other 3rd party app to access them. You need to do something (I appreciate it's not too difficult, but you do have to do something) to be able to get the permissions necessary to access the location and find and access the files. In the mnt/asec file, certainly there are files which are immediately available to all and sundry and that includes the manifest in the res.zip.

Don't get me wrong, I'm not suggesting it's a huge breach of security or anything, these files can be pulled off of a rooted device with ease and the Nexus devices make this nice and easy with the unlocked bootloader. But it does seem to be lowering the bar unnecessarily to have these files as world readable, with the groups and user accounts as they are.

Any thoughts?
