Monitoring what users do in their apps

I am curious about how secure Android phones are. Is it easy to find exploits that allow me to monitor what users do inside the apps they open?

And if I have a willing non-technical user, is it possible to build an APK that they install on their phone which contains the exploit that allows me to monitor what they do in FB, YouTube, etc.?

Is this something that will require a lot of work per model, or can I relatively easily build an exploit for all phones using Android 7 or 8, for example?

2 Likes

It’s always possible to build an exploit for anything.

Android does use sandboxing, but it’s a little different to how iOS handles its sandboxing. This means you may find it a bit more difficult to read activity in other apps; this is why Android asks the end user for permission to access certain things like camera and photos, et cetera. But if you can build something that will give the user a good reason for the app to access what you want to access, I can’t see why it wouldn’t work.

But building a universal exploit that will work on “all android os versions” isn’t really practical. Security patching is a thing for a reason.

ghost _

1 Like

I’m a bit ignorant on Android, but as far as I understood, even if given user permission I will never be able to see what the user did in, for example, Chrome.

I also didn’t expect an “all OS version” exploit, but my impression is that Androids are very seldom patched. Is that right or wrong?

1 Like

That’s what the exploit is for, isn’t it? To be able to see what the user is doing in other apps? Of course it’s designed in that way, but that’s what hacking is.

And in regards to the patching: that really depends on the user. A lot of people are known to not install updates; this is something you’d use Shodan for.

ghost _

1 Like

When you have root on the phone you can take screenshots of other apps :stuck_out_tongue:


it’s all about ADB

  1. find hosts with open ADB port with shodan or another tool
  2. run command adb connect <ip>:<port>
  3. you now have shell on phone across the world
  4. ???
  5. profit
1 Like
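
A defensive check for the exposure the last post describes, added here as an example and not written by anyone in the thread: it reads `getprop` output from a phone you administer and reports whether adbd is listening on TCP and whether host key authorization is enforced. The function names and sample inputs are constructed for illustration, and the property precedence is this example's assumption about stock adbd behaviour.

```shell
#!/bin/sh
# Added example (not from the thread): classify a device's ADB network
# exposure from `adb shell getprop` output. Property handling is this
# example's assumption about stock adbd behaviour.

# prop_value NAME: read getprop lines ("[name]: [value]") on stdin, print value.
prop_value() {
    awk -v key="[$1]:" '$1 == key { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# adb_exposure: read getprop output on stdin, print a one-line verdict.
adb_exposure() {
    props=$(tr -d '\r')   # older adb versions emit CRLF line endings
    port=$(printf '%s\n' "$props" | prop_value service.adb.tcp.port)
    # The persistent property is consulted only when the runtime one is unset.
    [ -n "$port" ] || port=$(printf '%s\n' "$props" | prop_value persist.adb.tcp.port)
    secure=$(printf '%s\n' "$props" | prop_value ro.adb.secure)
    case "$port" in
        ''|0|-1)
            echo "ok: adbd not listening on TCP" ;;
        *)
            if [ "$secure" = "1" ]; then
                echo "warn: adbd on TCP port $port, host key authorization required"
            else
                echo "critical: adbd on TCP port $port without host key authorization"
            fi ;;
    esac
}

# Constructed sample inputs (not captured from real devices).
SAMPLE_EXPOSED='[ro.adb.secure]: [0]
[service.adb.tcp.port]: [5555]'
SAMPLE_AUTH='[persist.adb.tcp.port]: [5555]
[ro.adb.secure]: [1]'
SAMPLE_USB_ONLY='[ro.adb.secure]: [1]
[service.adb.tcp.port]: [-1]'

for s in "$SAMPLE_EXPOSED" "$SAMPLE_AUTH" "$SAMPLE_USB_ONLY"; do
    printf '%s\n' "$s" | adb_exposure
done
```

On a phone you own, connected over USB, the same function takes live input as `adb shell getprop | adb_exposure`; `adb usb` switches adbd back to USB-only.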