In this presentation I will be discussing three privacy-related bugs (CVE-2018-9489, CVE-2018-15835 and CVE-pending) in Android OS that expose sensitive data to on-device applications. These bugs affect virtually all Android devices worldwide. This talk will include a discussion of the relevant Android internal components, the bugs themselves, vendor response and privacy implications for users. Some of these will be disclosed publicly for the first time.
Audience: Everyone because of privacy implications
I am an application security architect by day, and a security researcher by night. In the past few years I have discovered, published and presented on numerous vulnerabilities / CVEs spanning multiple areas of technology. I also participated in the development of many anti-spam standards used today (SPF and DomainKeys), and created the Abuse Reporting Format (ARF - RFC 5965) used for exchanging spam reports by most ISPs today. Among other things, I authored RFC 4180, which documents the CSV format.