Featured Articles

Why I was banned from GrapheneOS by Daniel Micay
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
WordPress Multisite on the Darknet (Mercator .onion alias)
Introducing BusKill: A Kill Cord for your Laptop
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Crowdfunding on Crowd Supply (Review of my experience)
Detecting (Malicious) Unicode in GitHub PRs
Techlore Interview (BusKill, Interdiction, and OpSec)
Hardening Guide for phpList
previous arrow
next arrow

Auditing Android Security (Investigating Unauthorized Screenshots)

By Michael Altfield, on November 9th, 2018

About six months ago, I discovered something on my smartphone that horrified me: I went to undelete a file in DiskDigger, and I stumbled upon a plethora of unexpected jpegs: screenshots of my activity. Screenshots that I didn’t take. Screenshots of my conversations. Screenshots of my GPS position. And screenshots of my bitcoin wallet.

I was perplexed. I was astonished. And, to be honest, I was scared. How did this happen? Was it a vulnerability shipped with LineageOS? Could it be some malicious binary embedded into AOSP? Or is it some exploit in one of those damned closed-source apps that I was forced to install through social pressure (*cough* whatsapp)?

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Auditing Android Security (Investigating Unauthorized Screenshots)

11 comments