• NaibofTabr@infosec.pub
    4 days ago

    Normally I would agree with this perspective, but in this case the “malicious app” is just a demo. It requires no permissions to do the malicious behavior, which means that the relevant code could be included in any app and wouldn’t trigger a user approval, a permissions request or a security alert. This could be hiding in anything that you install.

    • krooklochurm@lemmy.ca
      3 days ago

      Man in the middle an app download or find some kind of exploit to inject the code from a website, ta da.

      I mean, obviously there’s more to it than this but.

      That’s how these things work. They’re chained.

      • NaibofTabr@infosec.pub
        3 days ago

        Hmm, yes that can happen, but can it happen if you’re downloading directly from the Play store?

        • reksas@sopuli.xyz
          3 days ago

          First you download something and it has nothing malicious, then you update it later and then it has something.

          • NaibofTabr@infosec.pub
            3 days ago

            I’m sure there are apps that have malware built in, yes, but I mean the MITM approach during an app download that you were describing.