A Simple Tool for Linux Kernel Audits 22 May 2017 by jduck In Android, the Linux kernel is the crux of security. It is responsible for enforcing access control to just about everything in the system. If an attacker can gain arbitrary code execution in kernel mode,...
December 2015 Android OTA Update Links 13 Dec 2015 by jduck This month brings both the release of Android 6.0.1 and another round of security patches for Nexus devices. The December 2015 Nexus Security Bulletin details the issues fixed but has yet to be updated...
November 2015 OTA Links 02 Nov 2015 by jduck A new month brings a new round of security patches for Nexus devices. The November 2015 Nexus Security Bulletin details the issues fixed and has been updated (as of yesterday) to include links to...
October 2015 OTA Links: Moar security fixes! 06 Oct 2015 by jduck Yesterday was an exciting day of Android releases. It brought both the October 2015 Nexus Security Bulletin and the public release of Android 6.0 Marshmallow. I’ve updated our AOSP Changes site to...
Faster Nexus Updates! September 2015 OTA Links 16 Sep 2015 by jduck Back in August, Google and other ODMs made some strong commitments to start pushing out security updates more quickly and more often. The very first 30-day period following this event just occurred and we saw...
AOSP Changes and Status Update 11 Mar 2015 by jduck Recently, Funky Android Ltd closed up shop. As a result, the Android developer and security communities lost a valuable resource that Funky Android provided — their AOSP developer change logs. Since we were...
Thoughts after a Month with Blackphone 30 Sep 2014 by jduck About a month ago, I decided to order a Blackphone. The product web site makes some tall claims about security, even calling it a “secure smartphone.” This kind of proclamation is rather bold, perhaps even...
On the WebView addJavascriptInterface Saga 26 Feb 2014 by jduck In the last month, several new facts came to light in the saga of security issues with using addJavascriptInterface in Android WebView objects. While the dangers associated with this method are well documented, the full...
Two Security Issues Found in the Android SDK Tools 04 Feb 2014 by jduck During an audit of the Android ADB source code, two security issues within the Android SDK Platform Tools were discoverd. When combined together, these issues can allow an unprivileged local user to gain access to...
Launching the Web Site 03 Feb 2014 by jduck In May 2012, after engaging in a long-term consulting project regarding Android, I realized a need to build a community in order to advance the security of the Android mobile platform. To begin the process,...