Featured Articles

Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot)
WordPress Multisite on the Darknet (Mercator .onion alias)
WordPress Profiling with XHProf (Debugging & Optimizing Speed)
Hardening Guide for phpList
Nightmare on Lemmy Street (A Fediverse GDPR Horror Story)
Why I was banned from GrapheneOS by Daniel Micay
Crowdfunding on Crowd Supply (Review of my experience)
Detecting (Malicious) Unicode in GitHub PRs
Introducing BusKill: A Kill Cord for your Laptop
Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
previous arrow
next arrow

Auditing Android Security (Investigating Unauthorized Screenshots)

By Michael Altfield, on November 9th, 2018

About six months ago, I discovered something on my smartphone that horrified me: I went to undelete a file in DiskDigger, and I stumbled upon a plethora of unexpected jpegs: screenshots of my activity. Screenshots that I didn’t take. Screenshots of my conversations. Screenshots of my GPS position. And screenshots of my bitcoin wallet.

I was perplexed. I was astonished. And, to be honest, I was scared. How did this happen? Was it a vulnerability shipped with LineageOS? Could it be some malicious binary embedded into AOSP? Or is it some exploit in one of those damned closed-source apps that I was forced to install through social pressure (*cough* whatsapp)?

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael


. . . → Read More: Auditing Android Security (Investigating Unauthorized Screenshots)

11 comments