Breaking into android devices through native services and applications has already been done (mostly by malwares) and is well documented. Creating malicious applications and releasing them in Google's Play Store too. What about Android's middleware ?
Android's middleware is a pure mine of gold for who wants to play with it and may provide a lot of advanced features that may be used to create cool tools or impact every android device in a smart and original way. Moreover, middleware attacks are not quite complex to perform and allows anyone to bypass the restrictions added by Google on its well-known operating system.
This talks will present the tools required to perform Android's middleware attacks, the new security watchdogs implemented (and controlled) by Google in order to restrict our freedom and some sample hacks, one of them targetting Android's AppOps service. A specific android application allowing users to send class 0 SMS messages will also be released, working on Android 4.4.2 and higher thanks to one of these hacks.
This talk goes deeper in the internals of Android's middleware layer (mostly written in Java), for a lot of fun and more freedom in this pseudo-opensource operating system.