Featured Articles

Hardening Guide for phpList
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
WordPress Multisite on the Darknet (Mercator .onion alias)
Introducing BusKill: A Kill Cord for your Laptop
Detecting (Malicious) Unicode in GitHub PRs
Why I was banned from GrapheneOS by Daniel Micay
Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Crowdfunding on Crowd Supply (Review of my experience)
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
previous arrow
next arrow

Auditing Android Security (Investigating Unauthorized Screenshots)

By Michael Altfield, on November 9th, 2018

About six months ago, I discovered something on my smartphone that horrified me: I went to undelete a file in DiskDigger, and I stumbled upon a plethora of unexpected jpegs: screenshots of my activity. Screenshots that I didn’t take. Screenshots of my conversations. Screenshots of my GPS position. And screenshots of my bitcoin wallet.

I was perplexed. I was astonished. And, to be honest, I was scared. How did this happen? Was it a vulnerability shipped with LineageOS? Could it be some malicious binary embedded into AOSP? Or is it some exploit in one of those damned closed-source apps that I was forced to install through social pressure (*cough* whatsapp)?

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Auditing Android Security (Investigating Unauthorized Screenshots)

11 comments