Android Vulnerabilities

*nix-Based Attack Mobile Penetration Testing

Android is a mobile operating system. It is developed and maintained by Google, and is based on a modified version of Linux. Android apps come packaged as APKs (Android PacKages). They are (mostly) developed by third parties and written in Android Java. Apps must go through a vetting process before they are allowed to be posted on Google Play. However, Android does not prevent users from side-loading apps from unauthorized sources. This provides an attacker with additional opportunities (particularly social engineering) to compromise an Android device.

Most mobile device users do not understand that their phone must be protected with the same diligence as their laptop or desktop. As a consequence, many Android devices lack basic security measures such as strong authentication and endpoint protection. CVEdetails.com lists over 1,800 Android-related security vulnerabilities. Exploit-db.com lists nearly 130 exploits. Metasploit has nearly 30 Android-related modules. Here are some common Android vulnerabilities. Not all have CVE numbers.

Vulnerability: Description

Physical theft: Their small size makes Android devices especially vulnerable to theft and loss.

Weak or no passwords: Many users do not enable passwords, or use weak passwords, on their device.

Lack of data encryption: Many apps, including those that use the SQLite database, store data in cleartext.

Ability to side-load apps: Android allows users to install unsigned apps from any source, even on devices that are not rooted.

Rooted device: Many Android users root their device, overwriting firmware-based security controls so that they can have more control over the phone. Unfortunately, this makes it easier to compromise the phone, as users now have root-level privileges.

SQL injection: The SQLite database, which is the most commonly used database on mobile devices, is vulnerable to SQL injection attacks.

Unauthorized access or excessive permissions by apps: Many apps either request more permissions than they actually need, or do not request permissions at all before accessing resources such as contacts, microphone, camera, location services, etc.

Data leakage from syncing: Security vulnerabilities in cloud-based services could expose the Android device to attack, especially if the user uses the same password for multiple websites.

Lack of antivirus/malware protection: Most users do not install endpoint protection on their devices. This leads to virus infections, unsafe surfing, malicious downloads, SMiShing, etc.

Missing updates and patches: As with any system, the OS and its apps need periodic patching. This often does not happen, or users roll back updates to recover disk space or improve performance.

QuadRooter vulnerabilities: This is a set of four vulnerabilities affecting devices that use Qualcomm chipsets (about 900 million devices). Any of the four could escalate privilege and grant an attacker root access. CVE-2016-2503.

Certifi-Gate mRST flaw: A flaw in mobile remote support tools (mRSTs) allows an attacker to install a malicious app and gain control of the device. Affects versions up to 5.1 (Lollipop). No CVE #.

Stagefright MMS flaw: Considered the most serious Android flaw to date. It allows an attacker to send a malicious video message that the native media playback library processes without the user's knowledge. It permits escalation of privilege and remote arbitrary code execution. Affects versions up to 5.1. CVE-2015-3864. Metasploit module: exploit/android/browser/stagefright_mp4_tx3g_64bit.

Android Installer hijacking: This allows attackers to replace a legitimate APK with a malicious one. Affects older devices up to v4.1 (Jelly Bean). No CVE #. https://researchcenter.paloaltonetworks.com/2015/03/android-installer-hijacking-vulnerability-could-expose-android-users-to-malware/

Android FakeID flaw: This allows a malicious app to hijack the trusted status of a legitimate app by forging its digital signature, thus escaping sandboxing. Affects versions 2.1 (Eclair) to 4.3 (Jelly Bean). No CVE #.

TowelRoot: This is a kernel-level flaw that allows a user or attacker to quickly root older devices, up to version 4.4 (KitKat). https://towelroot.en.uptodown.com/android

Janus vulnerability: An attacker could add malicious code, in the form of a DEX file, to an APK without changing the APK's digital signature. CVE-2017-13156.

Cross-platform protocol vulnerabilities: As a Linux variant, Android is susceptible to exploits that impact common protocols or features, such as POODLE, KRACK and Dirty COW.
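A defensive check for the Janus shape listed above, added here as an example and not part of the original post: a Janus-style file is at the same time a valid DEX (it begins with the DEX magic) and a valid ZIP (it ends with an end-of-central-directory record), whereas an APK signed with the v2/v3 scheme carries an APK Signing Block, whose signature covers the whole file, directly before the central directory. The sample APK and the placeholder signing block are constructed inside the code and carry no real signature; the classifier only inspects file structure and does not parse either signature format.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                       # first 4 bytes of a DEX header ("dex\n035\0", ...)
EOCD_MAGIC = b"PK\x05\x06"                 # ZIP end-of-central-directory record
APK_SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block (v2/v3)


def find_eocd(data: bytes) -> int:
    """Offset of the EOCD record, or -1. The trailing ZIP comment may be up to 65535 bytes."""
    return data.rfind(EOCD_MAGIC, max(0, len(data) - 22 - 65535))


def has_signing_block(data: bytes, eocd: int) -> bool:
    """True if an APK Signing Block sits immediately before the central directory."""
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]   # EOCD: CD offset at +16
    return cd_offset >= 16 and data[cd_offset - 16:cd_offset] == APK_SIG_BLOCK_MAGIC


def classify_apk(data: bytes) -> str:
    eocd = find_eocd(data)
    if eocd < 0:
        return "not-a-zip"
    if data.startswith(DEX_MAGIC):
        # Valid DEX at the front and a ZIP directory at the back: the Janus shape.
        return "janus-hybrid"
    if has_signing_block(data, eocd):
        return "zip-v2-signed"      # whole-file signature scheme; a prepended DEX would break it
    return "zip-v1-only"            # JAR-style (per-entry) signature or unsigned


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with two entries and no signature."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\0" + bytes(64))
    return buf.getvalue()


def add_dummy_signing_block(apk: bytes) -> bytes:
    """Insert a placeholder APK Signing Block (structure only, no ID-value pairs) before the CD."""
    eocd = find_eocd(apk)
    cd_offset = struct.unpack_from("<I", apk, eocd + 16)[0]
    size = 8 + 16                   # second size field + magic; block is sized excluding 1st field
    block = struct.pack("<Q", size) + struct.pack("<Q", size) + APK_SIG_BLOCK_MAGIC
    new_eocd = apk[eocd:eocd + 16] + struct.pack("<I", cd_offset + len(block)) + apk[eocd + 20:]
    return apk[:cd_offset] + block + apk[cd_offset:eocd] + new_eocd
```

A real Janus sample also rewrites the DEX file_size field and the ZIP offsets; the check above does not depend on those, only on the DEX magic at offset 0 and a valid EOCD at the end.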

Note: For more information on Android vulnerabilities, see https://androidvulnerabilities.org/ and https://www.cvedetails.com/product/19997/Google-Android.html?vendor_id=1224
