In this presentation I will be discussing three privacy-related bugs (CVE-2018-9489, CVE-2018-15835 and CVE-pending) in Android OS that expose sensitive data to on-device applications. These bugs affect virtually all Android devices worldwide. This talk will include a discussion of the relevant Android internal components, the bugs themselves, vendor response and privacy implications for users. Some of these will be disclosed publicly for the first time.
Audience: Everyone because of privacy implications