How safe are apps from Android device spying at hardware/OS level? [Advanced]

The Android device is OEM/unbranded, sourced from a China factory.

Assuming it has spyware built into the OS or even at the hardware level, how safe is it to use the usual apps like Facebook, Instagram, Reddit, etc.?

My assumptions and the things I'm wondering about:

  1. Even with OS level spying/sniffing, well developed apps w/ encryption should be pretty safe when it comes to what they're transmitting to and from the server.
    But is there a way for OS/hardware level spyware to sniff data between INPUT (plain text) and the App, at hardware level? I'm not talking about keyloggers or clipboard loggers. I'm talking about a way for the spyware to really go into the App layer and sniff plain text inputs "submitted" by the user.

E.g.
Step 1: User inputs data into the App's form fields.
Step 2: On submit, App runs code to take that plain text input, encrypt it, and send it out to the server.

Can really reasonably good spyware get in between Step 1 and 2 and make a copy of that plain text data?

  2. Keyloggers
    I'm very familiar w/ PC based keyloggers but I don't know how things work on Android. Are Android keyloggers effective at catching keypresses inside an app like Facebook or Reddit? And what about those Apps that bring up their own keyboard (not using the native keyboard) - I would assume they're relatively safer, right?

  3. Sessions
    Is there a way for this spyware to capture the session of an app, and replay/replicate it on a different device/machine/emulator?

I know in the hacking world there is almost always a way for pretty much anything, but what I'm asking about here are reasonable risks, especially for average users (and not specifically targeted).

Backstory, if interested to hear about it:
We are trying to assess the attack vectors of spyware baked into Android devices by the factories themselves.

We've run sniff tests on roughly 20 Android phones and tablets from China (samples) where all data is passing through our gateway with Wireshark, and definitely lots of these devices are phoning home, even right out of the box and during any user activity. Some devices fire packets at intervals every 12mn lol.

Most of these packets we've detected are encrypted, but we're not sure if it's encryption done by the Apps (aka Reddit) or if it's the spyware's own encryption used for its own purpose (hiding its intentions and tracks).

At the end of the day, we're trying to create guidelines and recommendations for how to use these questionable devices for users who don't have a choice otherwise. We've pretty much concluded thru our tests that FILES stored on the device (even on microSD cards) are very vulnerable and difficult to protect since they lie on the Android OS file system and any spyware can pretty much do as it pleases w/ them. So our recommendation states to not keep sensitive files on these devices (aka nudes lol).

So we're at a point where we are trying to figure out "WHAT USERS CAN REASONABLY-SAFELY USE THESE DEVICES FOR" and so far, perhaps we are leaning towards the idea that as long as they're using solid apps (Chrome browser, Reddit, Facebook, Insta, the usual) with encryption it should be fine - or so we hope.



Submitted July 29, 2020 at 12:25AM by MojoTojoPH https://ift.tt/2P6OgM2 https://ift.tt/eA8V8J
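
An added example, not part of the original post: one way to separate fixed-interval phone-home traffic of the kind described in the backstory from user-driven app traffic in a gateway capture, by scoring how evenly spaced each device-to-destination connection series is. The record format, device names, addresses and thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

def find_beacons(records, min_events=6, max_cv=0.1):
    """records: iterable of (epoch_seconds, device, destination).
    Returns [(device, destination, mean_interval_s, cv)] for series whose
    connection times are nearly evenly spaced (low coefficient of variation)."""
    times = defaultdict(list)
    for ts, device, dest in records:
        times[(device, dest)].append(float(ts))
    hits = []
    for (device, dest), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # every event shares one timestamp
        cv = pstdev(gaps) / avg  # 0 means perfectly regular
        if cv <= max_cv:
            hits.append((device, dest, round(avg, 1), round(cv, 3)))
    return sorted(hits, key=lambda h: h[3])

def sample_records():
    """Constructed sample (documentation address ranges), not real capture data."""
    recs = []
    # Timer-driven traffic: every 720 s with a few seconds of jitter.
    for i, jitter in enumerate([0, 3, -2, 5, -4, 1, 2, -1]):
        recs.append((1_000 + i * 720 + jitter, "tablet-A", "203.0.113.10"))
    # User-driven app traffic: bursty and irregular.
    for ts in [1_050, 1_090, 1_800, 4_200, 4_230, 9_000, 9_010, 15_000]:
        recs.append((ts, "tablet-A", "198.51.100.20"))
    # Regular but too short a series to judge.
    for ts in [2_000, 2_720, 3_440]:
        recs.append((ts, "phone-B", "203.0.113.10"))
    return recs

if __name__ == "__main__":
    for hit in find_beacons(sample_records()):
        print(hit)
```

A flagged series that appears on a factory-reset device with no user apps installed is a stronger sign of preinstalled software than the same pattern on a device in daily use, since legitimate apps also poll on timers.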
