Exploiting Android Browser

Exploiting Android Browser

연구 분야: Strategies

학회: International Conference on Cryptology and Network Security

Android permission is a system of safeguards designed to restrict access to potentially sensitive data and privileged components. While third-party applications are restricted from accessing privileged resources without appropriate permissions, mobile browsers are treated by Android OS differently. Android mobile browsers are the privileged applications that have access to sensitive data based on the permissions implicitly granted to them. In this paper, we present a novel attack approach that allows a permission-less app to access sensitive data and privileged resources using mobile browsers as a proxy. We demonstrate the effectiveness of our proxy attack on 8 mobile browsers across 12 Android devices ranging from Android 8.1 to Android 13. Our findings show that all current versions of Android mobile browsers are susceptible to this attack. The findings of this study highlight the need for improved security measures in Android browsers to protect against privilege escalation and privacy leakage.