New Android versions introduce a blacklist of APIs that are not accessible even via reflection. Cool trick I haven't seen before: using double reflection, make the (whitelisted) system do the prohibited reflection for you, a sort of confuse deputy attack:https://www.xda-developers.com/android-development-bypass-hidden-api-restrictions/ …
-
-
Yeah, blacklists are always brittle, and therefore not a security boundary.
-
yep yep. Indeed not a security problem. But I always assumed you needed native code (like in https://blog.quarkslab.com/android-runtime-restrictions-bypass.html …), didn't know this Java-only thing!
- 1 more reply
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.