Exploring in depth the android permission mechanism, through different protection levels.
Step by step exploitations techniques that affect more than 98% of all Android devices including the last official release (Android 12).
In this talk I reveal a few different techniques that I uncovered in my research, which can allow hackers to bypass permissions from all protection levels in any Android device, which is more than 3 billion active devices according to the google official stats.
These vulnerabilities enable the hacker to bypass the security measures of android, by abusing default (built in) services and get access to abilities and resources which are protected by permission mechanism.
Some vulnerabilities are partially fixed, others won't be fixed as google considers as intended behavior.
In this talk I'll survey the different vulnerabilities, and deep dive into a few of different exploitations.
Finally, I'll demonstrate how those techniques can be combined together to create real life implications and to use for: Ransomware, Clickjacking, Uninstalling other apps and more, completely undetected by security measures.