(Arg, adding list to reply) Your looking at the Copy-Protection/DRM.
Previously this was all located in "/data/app-private". The world readable-ness your seeing if for the assess to be read, though the classes.dex file is not accessable (nor is the cached odex file). -Tim Strazzere On Mon, Nov 5, 2012 at 1:29 PM, James S <[email protected]> wrote: > So I've been working on Android security for a little while now and just > seen today something which seemed a little unexpected. I thought I'd see if > any you have an idea as to why this is the way it is. As I understand it, > the mnt/asec folder is used for apps installed under forward lock > restriction. I believe that this is linked to Jelly Bean and to the > encrypted app feature added into that version of the platform. Is that > right? > > I had reason today to stumble across that folder (mnt/asec) and noticed > that the permissions seem reasonably open. I wondered if anyone knew why. > > So, on my Galaxy Nexus device with a clean flash of yakju-jzo54k Jelly > Bean Stock ROM the user permissions are set us as follows (I've santised > folder and file names where necessary): > > So /mnt/asec is set up as: > > drwxr-xr-x root system /mnt/asec > > Inside there, an app is installed into a folder as: > > drwxr-xr-x system system /mnt/asec/com.appdeveloper.app-1 > > Inside the app folder are other folders and files as: > > drwxr-xr-x system system /mnt/asec/com.appdeveloper.app-1/lib > -rw-r--r-- system system > /mnt/asec/com.appdeveloper.app-1/lib/ndk.so > -rw-r------ system u0_a60 > /mnt/asec/com.appdeveloper.app-1/pkg.apk > -rw-r--r-- system system > /mnt/asec/com.appdeveloper.app-1/res.zip > > What's surprised me is the world readable permissions. Why are these > needed. When these files are installed under the /data folder, there is no > immediate way for any other 3rd party app to access them. You need to do > something (I appreciate it's not too difficult, but you do have to do > something) to be able to get the permissions necessary to access the > location and find and access the files. In the mnt/asec file, certainly > there are files which are immediately available to all and sundry and that > includes the manifest in the res.zip. > > Don't get me wrong, I'm not suggesting it's a huge breach of security or > anything, these files can be pulled off of a rooted device with ease and > the Nexus devices make this nice and easy with the unlocked bootloader. But > it does seem to be lowering the bar unnecessarily to have these files as > world readable. with the groups and user accounts as they are. > > Any thoughts? > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/0wg1q1FBhKcJ. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
