Android: Vulnerability is inevitable? | Part 1

Do you think that your conversations with other people over your smartphone are known only to you and the people on the other end? Have you noticed that the feeds on your mobile are based on your mindset and search results? Your answer will be yeaaahhh!!! I felt that... And you can also mock me!!! Lolz… What is so awesome about knowing that!!!

You might also know that the data in your smartphone is being monitored by the big GIANT!!! If you didn't know this… sorry, this is the fact 🤐

Let's demystify this topic, 50% for normal readers and 50% for tech guys.

First, let's start with the known things on higher Android API levels (from Android O).

Android O and above : Have you noticed this!!😱

One important feature rolled out with Android O and above is that a background or foreground service is started by showing a notification to the user.

Wait!!! This is a little bit tricky to understand for folks who don't have context in Android. I will explain as simply as I can…

“The action of helping or doing work for someone”

In the context of Android too, it is the same as the result we got from googling…

A service is nothing but something that works for the intended app, doing its operations when the app is in the background and also when the app is opened… Got it!!!

A question will be raised in all your minds: then any app can implement this service and get my data in the background on a daily basis!!!

That is where permissions for an app come in.

This is an example of app permissions that everyone has noticed… If an app is asking for permissions genuinely, accept those if you intend to lose your data…

For example: if the app is not meant to grab all the SMS in your inbox, then don't allow it…

What if I have allowed it??

Check the permissions of your apps and disable the ones that are not needed. Anyway, the big GIANT has all your data…

Let's go to services again!!!

Android devices above Oreo rolled out a feature whereby an Android app can run a service in the background by showing a notification to the user in the notification bar saying "xyz App is running"!!! Cool, right!!! 😌

But what happens on devices below Oreo!!!

Easy breezy… 😋

Have you ever??

Have you noticed that YouTube's "Looking for downloads" notification pops up every now and then!!!

If not, just restart your mobile and turn on data and you will notice!!!

Wait!!! 🥵 Don't look for it with notifications turned off for the app…

This is a background service meant by the intended app to look for the YouTube downloads… Don't panic!! How do you know that this will look only for the downloads 😄. And you might also have noticed that the notification disappears in seconds… Then why should it be shown to the user 🤔 (Ethics).

Stop!! Stop!! Stop… It disappeared..

Then what?? It is just a trigger when you restart the mobile…

What happens after triggering? It will serve its needs.

Code snippet to understand… Skip this if not needed…

Start the service with notification👇

Cancel the notification in 20 millisec👇

Is 20 ms enough to notice and stop that service…? This service can be triggered by a repeating alarm…

Those so-called cool people: "Hey dude, I have turned off notifications for that app in Settings, I don't need to worry about data theft…" One minute of silence for those folks…

It will run the service in the background without showing you…
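A defender-side check for the pattern described above (an app that wakes up at boot, has a service to hand work to, and holds data permissions such as SMS), as an added example that is not code from the original post: it audits a decoded AndroidManifest.xml. The sample manifest, the package name `com.example.flashlight` and the `SENSITIVE` watch-list are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"  # fully qualified android:name attribute
BOOT_PERMISSION = "android.permission.RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"
# Assumed watch-list of data permissions; extend it for your own review.
SENSITIVE = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.READ_CONTACTS", "android.permission.RECORD_AUDIO"}

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Return findings for a decoded AndroidManifest.xml given as text."""
    root = ET.fromstring(xml_text)
    perms = {p.get(NAME) for p in root.iter("uses-permission")}
    services = [s.get(NAME) for s in root.iter("service")]
    # Receivers whose intent-filter listens for the boot-completed broadcast.
    boot_receivers = [r.get(NAME) for r in root.iter("receiver")
                      if any(a.get(NAME) == BOOT_ACTION for a in r.iter("action"))]
    findings = {
        "package": root.get("package"),
        "sensitive_permissions": sorted(perms & SENSITIVE),
        "boot_receivers": boot_receivers,
        "services": services,
    }
    # Flag only the full combination the article describes: wakes at boot,
    # has a service to run, and can read personal data.
    findings["review"] = bool(BOOT_PERMISSION in perms and boot_receivers
                              and services and findings["sensitive_permissions"])
    return findings

if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

A `review` value of `True` only means the app deserves a closer look at what its service does; many legitimate apps also start at boot.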

Custom ROMs: Hectic for developers to achieve this 😐

Custom ROMs like MIUI from Xiaomi and those of several other manufacturers won't allow a service to run in the background for a certain amount of time… Custom ROMs allow a service to run endlessly only when the app is whitelisted.

Android devs,

KitKat (October, 2013): Easy to eat

Lollipop (November, 2014): Easy to lick

Marshmallow (October, 2015): It's tasty and yummy

Nougat (August, 2016): … Everything is good to go… till we got the mixture with Custom ROMs.

Custom ROMs too have left their loopholes for achieving everything mentioned above. So be cautious while accepting permissions.

Things to notice !!

It starts its service after boot completes and runs until the next time you restart your mobile.
  • If you wanna look into it… go to About phone > Build Number (tap 5 times) and you will see "You are now a developer"… Search for Developer options > Running Services in Settings. You can see the services that are currently running. Stop the services which are not needed…

🚫 Caution: Don't stop the system services and Google services

They are the inevitable ones…Lol 😂

  • You are using Google keyboard (every new buyer of Android is using that 🤔)

Let us look into the scenario…

Scenario (WhatsApp):

He: Hey, I have decided to buy a violin.

She: Super. How will you play that? Have you planned for classes or online tutors?

He: Looking for online classes.

After a while: Let me search for a violin 🤔

Apps > Google Chrome: when he placed his cursor on the search box

This is not a big deal, as everyone has come across this… Even on YouTube too… these results appeared when he typed "buy"… But Google is better than any IDE IntelliSense; it knows even before you type. You know how decent Google is!! It waits for your words and suggests 😆

This is just an intro to this topic. There is still a lot more to come; until then, buckle up and hold tight.
