by Spittie 3874 days ago
Play Services have a way to install applications in the background (http://stackoverflow.com/questions/23695170/how-to-install-a...) that does a signature check, and refuses to work if the request didn't come from a Google App. Maybe they found a way to call that from Chrome's v8?

What makes me think so is that they claim to have installed a "BMX Game" (which I guess is on the Play Store), and I don't see any claim of it being automatically launched after the installation (Android >2.3 should block that).

That would be much better for Android than the alternatives. As far as I can tell, applications can only install stuff in the background if they are system applications (live in some /system subfolder, which Chrome does when preinstalled/installed from a GAPPS package) AND declare the "INSTALL_PACKAGES" permission in their manifest (Chrome doesn't).

That should be the only way, apart from getting root (but I guess they would have just said "we got root" then).

EDIT: Obviously all of this is just a guess. I'm just happy that there is no Chrome on my phone :) (but the WebView on Android 5.1 is based on Chromium - so I wonder if that's exploitable as well?)


Wouldn't Chrome be able to auto login on the play store website and click the install button there? There have been XSS attacks on the play store website allowing this before.

Edit: I had this in mind https://jon.oberheide.org/blog/2011/03/07/how-i-almost-won-p...