An app from a Chinese Internet company exploits Android system vulnerabilities to escalate its privileges, allowing it to harvest users' private data and prevent itself from being uninstalled.
The first attack technique used in this seemingly harmless app is Bundle Feng Shui, a technique that seems obscure but has seen actual use in recent years. It is combined with a series of vulnerabilities to mount 0-day/N-day attacks that bypass system verification and give the app system-level StartAnyWhere capability.
After gaining control of the phone's system, the app begins a series of illegal operations: it bypasses privacy compliance supervision and collects users' private information (including social media account information, location information, Wi-Fi information, base station information and even router information).
After that, the app uses a further attack technique: root-path FileContentProviders exported by the phone manufacturers' OEM code, which it uses to read and write system apps and the files of sensitive system applications;
It then breaks out of the sandbox and bypasses the permission system to rewrite key system configuration files in order to keep itself alive, and modifies the user's desktop (Launcher) configuration to hide itself or deceive the user, thereby preventing uninstallation;
It then goes on to hijack other applications by overwriting their dynamic code files, injecting backdoor code that runs inside them for stealthier long-term persistence;
It even implements a remote control mechanism like that of spyware: a remote "cloud control switch" turns the illegal behavior on and off so that it can evade detection.
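The exported root-path provider described above is something a defender can look for when auditing decoded APKs. The following is an added example, not code from the app or from any vendor; it assumes the manifest and paths resources have already been decoded to text XML, and the package, provider and resource names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PATHS_META = "android.support.FILE_PROVIDER_PATHS"  # meta-data key read by FileProvider

# Constructed sample input (hypothetical package and provider names).
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.oem">
  <application>
    <provider android:name="com.example.oem.FileContentProvider"
        android:authorities="com.example.oem.files" android:exported="true">
      <meta-data android:name="android.support.FILE_PROVIDER_PATHS"
          android:resource="@xml/oem_paths"/>
    </provider>
    <provider android:name="com.example.oem.ShareProvider"
        android:authorities="com.example.oem.share" android:exported="false"
        android:grantUriPermissions="true">
      <meta-data android:name="android.support.FILE_PROVIDER_PATHS"
          android:resource="@xml/share_paths"/>
    </provider>
  </application>
</manifest>"""
RESOURCES = {
    "oem_paths": '<paths><root-path name="root" path=""/></paths>',
    "share_paths": '<paths><cache-path name="shared" path="images/"/></paths>',
}

def audit_providers(manifest_xml, xml_resources):
    """Flag providers whose paths file maps the filesystem root via <root-path>."""
    findings = []
    for prov in ET.fromstring(manifest_xml).iter("provider"):
        # Assumption: a missing attribute is treated as "false".
        exported = prov.get(ANDROID + "exported", "false") == "true"
        grants = prov.get(ANDROID + "grantUriPermissions", "false") == "true"
        for meta in prov.iter("meta-data"):
            if meta.get(ANDROID + "name") != PATHS_META:
                continue
            res = meta.get(ANDROID + "resource", "").rsplit("/", 1)[-1]
            paths = ET.fromstring(xml_resources.get(res, "<paths/>"))
            for entry in paths.iter("root-path"):
                severity = "critical" if exported else "high" if grants else "review"
                findings.append({"provider": prov.get(ANDROID + "name"),
                                 "resource": res, "path": entry.get("path"),
                                 "severity": severity})
    return findings

if __name__ == "__main__":
    for f in audit_providers(MANIFEST, RESOURCES):
        print(f)
```

A provider scoped to `cache-path` or `files-path` produces no finding; only a mapping of the filesystem root is reported, with the severity raised when the provider is also exported.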