If you think that the #media files you receive on your end-to-end #encrypted secure messaging apps can not be tampered with, you need to think again! Explore this new type of media form jacking below.
I've never coded for Android but dream in Linux ...
How is it that Android (based on Linux) does not run each app as an underprivileged user and set "owner only read" permissions on files it writes to external storage???
This seems bloody obvious and relatively easy to implement.
> How is it that Android (based on Linux) does not run each app as an underprivileged user
Each app runs with a unique user / group for the app in the profile. They also run within a unique instance of the untrusted_app SELinux domain, which implements most of the isolation.
> set "owner only read" permissions on files it writes to external storage
The usual storage location for apps is in their internal app sandbox. External means outside of the app sandbox and requesting access to external storage is a legacy approach to sharing data between apps.
The whole point of external storage is that it's shared storage between apps. The ability to request global access to it was a poor design that started to be phased out in Android 4.4 which introduced granting case-by-case file access instead. 5.0 extended that to directories.