Risk from .mp4 on Android? [closed]

I was cleaning out my phone today, and stumbled onto a video file I didn’t recognize in the top directory of my phone’s device storage. Without really thinking, I played it in Google photos, deleted it after seeing it was something I didn’t care about, and only then realized that I’d just opened an unfamiliar file in a suspicious location. I’m sure I’m just being paranoid about this (as I usually am), but is there any chance that playing that video could’ve infected my phone with something?

Is Android encryption secure?

As far as I know Android (Pie) is encrypted by default with some hardware-based password. But how secure is this encryption?

I am not talking about password compromise, but if somebody gets my phone, he just needs to turn it on to get data decrypted, so what’s the point? For what cases is this encryption designed?

Sniffing Traffic Android App

So, imagine that a vulnerable app provides a login interface. This login sends the user’s credentials to the App’s server to authenticate the user. However this is done via HTTP, therefore not secure.

If I were inside the user’s LAN network, I could easily perform a MITM and sniff the traffic and therefore the unencrypted credentials.

The questions is, how can I retrieve the credentials of a specific user by knowing this vulnerability WHILST being outside the network? What kind of practical attack vectors would there be?

  • One could be a malicious but disguised app on the user’s phone which monitors this traffic? (but obviously this would require a way of convincing the user of installing this app and also would count as being part of the LAN)

Spying apps: Android mic and camera access

Can android lollipop 5.1.1 apps which have permission to access mic and camera access them when the app is not running?

I woke up to the news by the NYT that a popular app I had previously downloaded was solely developed to be used as a spying tool by a government. I did not research the app when I downloaded it and the app needed mic and camera access as it is a messaging app.

What can I do in the future to ensure my mic and camera are not running when I’m not running an app? It will not be practical to check if every app I download is trusted or not as even popular American apps could be potentially malicious.

Where are fingerprints stored on an Android phone?

Many recent phones come with a fingerprint scanner. I use them rarely but I’m curious how do hardware and software protect user’s fingerprint data from being stolen.

  1. Does a fingerprint scanner come with its own storage where fingerprints are stored?

  2. How does the fingerprint scanner decide which fingerprint requests from apps are legitimate?

  3. When you factory reset a phone, do all the fingerprints get securely wiped?

How to sniff direct websocket connection in android ( i.e. no HTTP Upgrade connections ) using BURP?

I’ve pentested a lot of websites and a few apps too but this app eludes them all. On the websites, when there’s a websocket upgrade the BURP proxy recognizes it and starts showing it in the websockets tab. Somewhat similar happens on the apps, but not on this one.

This app doesn’t do any such thing.

How this app works :

  1. Gets it’s websocket endpoints from a config, downloaded from a website. Then ‘mysteriously’ it makes a connection to the websocket server, which isn’t visible in the BURP proxy.

My Setup : 1. Rooted phone with frida running and objection framework for ssl unpinning ( although not needed here, as I am already able to see all the http(s) traffic from the app ).

FYI I’ve added my BURP cert as root authority in my android 7.0 phone.

I’ve also tried ‘invisible proxying’ ( not sure how it works ) didn’t work either.

Any ideas would help ?


Security implication if android app can be installed on emulator

I am working on ensuring security of my company’s product. We have mobile version of the product. This question is for Android version

Background – Our product is a SaaS based product and app is meant to be used by different sales people of tenant organisation. We have implemented different layers of control for ensuring secure (or more like safe) environment for our app –

  • We check for root detection – (OS level check)
  • Implemented SSL pinning – (Transport layer level check)
  • Storing secrets in Android key chain
  • Minimal local data storage. Encrypt local data (that needs to be stored)

and list goes on. In short right from the device to communication layer to server layer we are in the process of covering every corner.

Question –

Problem –

The problem is we got one issue reported by one of the security researcher that says that as your app can be downloaded from android play store thus it can run on emulator and on emulator it is possible to bypass root detection. So it adds huge threat and should fixed immediately.

I searched alot but I cannot find security implication that could be possible if app can be installed on the emulator. Also I checked if I might have to fix it, what could be the possible solution. There are checks like looking if running environment is SDK, check if features like camera, or sensors are working but all those checks can be bypassed in emulator also.

It is kind of critical for me because if I accept this issue our client will see it in report and insist on getting it fix. I m running blank for implication that i would have to explain to Management and developer (if I accept) and fix (that might be required later)

Please provide your inputs