Simple Spyware: Androids Invisible Foreground Services and How to (Ab)use Them
share
With the releases of Android Oreo and Pie, Android introduced some background execution limitations for apps. Google restricted the execution of background services to save energy and to prevent apps from running endlessly in the background. Moreover, access to the device's sensors was changed and a new concept named foreground service has been introduced. Apps were no longer allowed to run background services in an idle state, preventing apps from using the device's resources like the camera. These limitations, however, would not affect so-called foreground services because they show a permanently visible notification to the user and could therefore be stopped by the user at any time. Our research found out that flaws in the API exists, which allows starting invisible foreground services, making the introduced limitations ineffective. We will show that the found flaws allow attackers to use foreground services as a tool for spying on users.
READ FULL TEXT