(Theory) Introducing a Vulnerability Through System APK Replacement

greyreap

New Member
Joined
Aug 18, 2010
Messages
3
Reaction score
0
This is just a theory, I'm no dev. So my question is to the devs.

Would it be possible to modify a system APK, adding an exploitable vulnerability, and replace it.

Replacing the existing market with the new one was simple, and I know some system APKs can be modified in an archive program without screwing up the signature. In theory shouldn't it be possible to introduce a vulnerability this way?

Let me know what you think.
 

WilfulHippo

Member
Joined
Jan 30, 2011
Messages
157
Reaction score
0
Why don't you try to decompile it and see its simple


Sent from my DROIDX using DroidForums
 
OP
G

greyreap

New Member
Joined
Aug 18, 2010
Messages
3
Reaction score
0
I'm not saying to modify the application itself, I mean would this be possible through modification of the files within the APK, i.e. the application resources.

But thanks for the oh so helpful reply.
 
Last edited:

nerdslogic

Silver Member
Joined
Nov 20, 2010
Messages
2,530
Reaction score
1
Location
Cybertron
I am no dev but I would imagine that approach might have been explored. But I could be wrong and we could all be thanking you soon. Who knows. Good question though.

I think there is a reliance on the SBF though for the most part if the boot loader isn't the target and only root is.
 

Raptor007

Member
Joined
May 9, 2010
Messages
469
Reaction score
0
Location
New York
If you could create an exploit in the market app, wouldn't that be closed up the next time its updated by Google? It would require constant cat and mouse moves.
 

neonerz

Member
Joined
Mar 8, 2010
Messages
79
Reaction score
0
You'd need root to be able to replace a system app with a new one. But then it wouldn't really do anything since even system apps don't have root, replacing a system app wouldn't gain you any advantages over just installing a new APK would.
 

evulhotdog

New Member
Joined
Aug 14, 2010
Messages
16
Reaction score
0
So system apps don't have root or even higher permissions over user apps or anything

Sent from my DROID3 using Tapatalk
 
OP
G

greyreap

New Member
Joined
Aug 18, 2010
Messages
3
Reaction score
0
Root isn't required to replace a system app (using the installer, not placing it) however I don't know what permissions system apps have although I would assume they have root access.

Oh well, I didn't know whether this would be an option or not. It sounds like a no go.
 
Top