this post was submitted on 02 Sep 2024
233 points (96.4% liked)
Pulse of Truth
477 readers
256 users here now
Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).
This community is automagically fed by an instance of Dittybopper.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
What about Google Play Services? A pre-installed Swiss army knife of a system app with proprietary code and apps relying on it as a dependency seems to check the box.
That might be possible. I’m not an expert in the wide ranging permissions that preinstalled system apps can access. It would require Google complicity. We haven’t seen this behavior in various sandbox versions of Google play running on custom ROMs, nor hasn’t been seen in any teardowns, but it cannot be completely ruled out.
I feel like there are better places to hide such malicious code. For example, down in the hardware abstraction layer, or another proprietary demons that aren’t part of AOSP. At the end of the day, you need to have some trust in the company that develops your OS.