File:20150415-Android apps in sheeps clothing-Tobias Ospelt-modzero.pdf

Android is the most widely used mobile operating system worldwide. The Android permission system is broken by design and probably the worst problem in the entire Android ecosystem. Additionally, Android is providing very risky and overly permissive features that allow an attacker to mess with the user's data. Combining these issues we show a new technique to steal credentials and other sensitive information from other applications on Android. Our malicious app is a regular app installed on the Android system using only features of Android.