Hacker News new | ask | show | jobs
by buildzr 2421 days ago
All they'd have to do in order to survive a factory reset is to write to the /system partition, which contains the main OS. A factory reset only wipes /data and a few caches.

Writing to /system requires it to be mounted read/write and permissions to do so, so they'd need a root exploit in order to pull it off, but there's quite a few to choose from especially as devices age and given that they're doing this outside Play Store where Google won't pick them up.

I'm just crossing my fingers advanced users don't lose the ability to side-load apps over bad publicity like this, maybe they should make it harder to enable though.
1 comments
hunter2_ 2421 days ago
Is side loading the only way that code requiring root can easily get on a phone though? What about USB debugging?
link
piracy1 2421 days ago
No. The play store does not check very well and is pretty easy to bypass. Up until recently you could just download .dex (android equivalent of .jar) files into your apps resources at run time then call the classloader. Then for their runtime scan you can either just wait to put the real code online or have a hardcoded switch to execute the main function based on like an NTP server saying it's past X day. I think that is why they removed calls to the classloader from android. There's a few other ways to do basically that that still work but I'm not sharing those for free.

IMO There is a slight flaw to how this question is worded. It's not that they block you from running code that you need to be root to run (you'll just get insufficient perms errors) it's just that you're not root. You could write the code to write to /system, and it will run it just will not work. Thus, you need to utilize some sort of local privilege escalation. That is it's own equally semi-sticky wicket.

link
buildzr 2421 days ago
True, just disabling it via PackageInstaller by default would do the trick, the root community could re-enable it easily and those who only needed to sideload the occasional app could do so via USB debugging.

It seems like every time I hope for a reasonable solution like this I get let down substantially though.

link