Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 7 au 9 juin 2023.

Leveraging Android Permissions: A Solver ApproachJérémy Breton

Date : 08 juin 2023 à 09:45 — 15 min.

Android implements a model that executes applications in sandboxes. An application usually needs to access resources or information outside of its own sandbox, for that it must be granted permissions. Since Android Marshmallow (API 23), runtime permissions protect sensitive information such as camera or phone.

This permission system has suffered from vulnerabilities that were found through fuzzing. But with the little research that has been done around the permission system, it seems interesting to look into it.

This paper covers the research of a new vulnerability in the Android permission system by using a solver approach.