Permission to Punch the Presidential Candidates

The 2016 U.S. presidential primaries are well under way and the candidates are a hot topic in the media, social media and in real-life discussions. With all the buzz, I was curious to see how Android app developers are taking advantage of the candidates’ popularity and what permissions the apps request. So with this mission in mind, I started downloading and testing these apps.

Trump Apps – Permission Heavy

When I searched for “Trump” in Google’s Play Store, I wasn’t really too surprised to see a lot of silly apps. Mr. Trump has a certain reputation and it seems like app developers are taking advantage of his reputation.

Here are the top apps that appear when you search for “Trump” in the Play Store:

[Image: top Trump apps in the Play Store]

GNU Transport Layer Security Library 3.4.14

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Samsung Android JACK ASLR Bypass

The usermode audio subsystem for the “Samsung Android Professional Audio” is based on JACK, which appears to be designed for single-user usage. The common JACK configuration on Linux systems appears to be a JACK server running under the current user account and interacting with JACK clients from the same user account, so with a minimal privilege difference. This is not the case with the configuration on Android, where the JACK service runs as a more privileged user, in a less restrictive SELinux domain, than the clients that can connect to it. The JACK shared memory implementation uses the struct jack_shm_info_t defined in /common/shm.h to do some bookkeeping. This struct is stored at the start of every JackShmAble object. This means that whenever the JACK server creates an object backed by shared memory, it also stores a pointer to that object (in the address space of the JACK server), allowing a malicious client to bypass ASLR in the JACK server process.

Oops! TP-Link forgets to Renew and Loses its Domains Used to Configure Router Settings

To make the configuration of routers easier, hardware vendors instruct users to browse to a domain name rather than numeric IP addresses.

Networking equipment vendor TP-LINK uses either tplinklogin.net or tplinkextender.net for its routers' configuration, although users can also access their router administration panel through a local IP address (i.e. 192.168.1.1).

The first domain offered by

GNU Transport Layer Security Library 3.3.24

GnuTLS is a secure communications library implementing the SSL and TLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols, as well as APIs to parse and write X.509, PKCS #12, OpenPGP, and other required structures. It is intended to be portable and efficient with a focus on security and interoperability.

Micron CMS v5.3 – (cat_id) SQL Injection Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
Micron CMS v5.3 – (cat_id) SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1872

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
====================================
1872

Common Vulnerability Scoring System:
====================================
6.8

Product & Service Introduction:…

Teampass 2.1.26 – Authenticated File Upload Vulnerability

Posted by Vulnerability Lab on Jul 06

Document Title:
===============
Teampass 2.1.26 – Authenticated File Upload Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1866

Release Date:
=============
2016-07-06

Vulnerability Laboratory ID (VL-ID):
====================================
1866

Common Vulnerability Scoring System:
====================================
7.2

Product & Service Introduction:…