Skip to content

Info-security/Android-Vulnerabilities-Overview

 
 

Repository files navigation

License


Android Vulnerabilities Overview (AVO) is a databse of known security vulnerabilities in Android.

The vulnerabilities database is splitted into seperate .md files to get an better and cleaner overview. The current 2016 list is avaible over here.

The security flaw gives hacker ability to spy on Android smartphone owners, steal login credentials, install malware, and many more, according to the latest research conducted by the researchers at the Pennsylvania State University and FireEye.

Contact

Found something that isn't on the list? - Feel free to submit, maintainers/contributors are always welcome!

Want to communicate secure, feel free - my eMail public key is stored in the 'eMail.txt' file.

Warning

Do not install security updates like CVE-2015-1538.apk from untrusted sources! It's a trap!

Security updates are rolled out by Google Play-services (in background) or as ROM update directly from your provider and never comes as single .APK!

Attacks

Spyware Capabilities

  • Listening in to telephone conversations
  • Accessing the Internet
  • Viewing and copy contacts
  • Installing unwanted apps
  • Asking for location data
  • Taking and copying images
  • Recording conversations using the microphone
  • Sending and reading SMS/MMS
  • Disabling Anti-Virus software
  • Listening in to chats via messaging services (Skype, Viber, WhatsApp, Facebook and Google+)
  • Reading the browser history

Infected apps with Backdoors, Loggers or Ransomware

Generally apps that often bundled with security risks (due popularity and other weaknesses)

Research

Papers

Videos

Online tests

Kernel

'Security' (pentesting) Apps

Forensics analysis software and apps

In most cases Trojans/Malware only sending 'stuff' to there C&C's if you're on wifi (to not getting easier detected by the bandwidth consumptation itself), of course they often drain your battery, so some tools are to detect such cases and identifys them (like Hush) such tools can be used to reveal what exactly going on behind the scenes.

Vulnerability Databases

Known Pre-Installed Backdoors (within firmware)

Backdoor Discussion

‘Stingrays’ Cell Phone Trackers

Stingrays, made by the Harris Corporation, has capabilities to access user's unique IDs and phone numbers, track and record locations, and sometimes even intercept Internet traffic and phone calls, send fake texts and install spyware on phones. The authorities used these tracking tools for years to breach people's privacy and did everything to keep even the existence of these devices out of the public eye. They even avoid telling judges when they used them.

Firewall Leak Tests

About

An smart overview of known Android vulnerabilities

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published