Posted by Vahagn Vardanyan on Aug 14

Sandbox bypass through Google Admin WebView

An issue was found in Google’s Android Admin application that allowed other
applications on the device to bypass sandbox restrictions to read arbitrary
files through the use of symbolic links.

The advisory can be downloaded here
<https://labs.mwrinfosecurity.com/system/assets/1021/original/mwri-advisory_sandbox_bypass_through_google_admin_webview.pdf>
.
Description

An issue was found when the…