Securing the System: A Deep Dive into Reversing Android Pre-Installed Apps

Black Hat USA 2019

Presented by: Maddie Stone
Date: Thursday August 08, 2019
Time: 14:30 - 15:20
Location: Lagoon GHI

The Android security community has been predominantly focused on user-space applications for many years. However, there is a distribution mechanism for security issues that affects more unknowing users, generally allows more privileges, and is tougher to remediate once launched: problems in pre-installed applications. With thousands of OEMs and even more firmware images, the Android pre-installed ecosystem is a big space to both audit and secure.

This talk will detail the differences in reversing and analyzing pre-installed Android applications compared to the user-space applications that most security research has focused on. This will include things like identifying when a pre-installed application is unlikely to run in an emulator without modification, detecting signals that the pre-installed app may be colluding with other components and be only one piece of the puzzle, and how bad behaviors can change when they instead are run in the more privileged context of a pre-installed application.

We will then dive into case-studies of Android pre-installed security issues we discovered in 2018 & 2019: malware, security misconfigurations, and remote code execution backdoor. We will walk through the code and reverse engineering process. In addition, we'll cover detection and remediation for each and how it differs from a user-space application. This talk will be a detailed tour through the Android pre-installed ecosystem: the analysis challenges and how to get around them and the interesting security issues one might uncover.

Maddie Stone

Maddie Stone is a Senior Security Engineer on the Android Security team at Google where she reverses all the bytes to keep malware off the phones of Android users. She has spent many years deep in the circuitry and firmware of embedded devices including 8051, ARM, C166, MIPS, PowerPC, BlackFin, the many flavors of Renesas, and more. Maddie has previously spoken at conferences including Blackhat USA, REcon Montreal, OffensiveCon, KasperskySAS and more.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats