lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALdcr8fTupM=ZtFLQh2fnQ26_thTE9b6Zm6-L0S_5Nu_rvBJPQ@mail.gmail.com> Date: Fri, 16 Oct 2020 13:46:48 -0400 From: Michael Lazin <microlaser@...il.com> To: Pedro Cunha <pedroagracio@...il.com> Cc: certbund@....bund.de, "Enrico Weigelt, metux IT consult" <lkml@...ux.net>, fulldisclosure@...lists.org Subject: Re: [FD] Google's Android: remote install backdoor in Google Play Services I do see the point and even though it is not a deliberate back door the end result is if your google account is compromised and an attacker wants to be sneaky they could push software to your android device without your permission. Given the history of malware found in the play store I would recommend making a feature request to google to notify you if someone pushes software from the web from a previously unknown IP. If you don't want to do this I would be happy to and would of course credit you for your find. On Fri, Oct 16, 2020, 1:21 PM Pedro Cunha <pedroagracio@...il.com> wrote: > I don't see how this is an "on-purpose backdoor". As far as I know, this > feature is used so you can install Android apps on your phone via the web > interface on another device (like a desktop) logged into the same Google > account, via the Play Store. > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists