New Malicious Apps Can Gain System Privilege As Rom Is Signed With Default Platform Key


Status
Not open for further replies.

qwertyman (Sep 23, 2017)
It seems all xiaomi.eu ROMs are signed with the default Android platform private key. This is a severe security flaw. Any arbitrary userland app (installed by users from apk files) can gain System privilege by claiming android:sharedUserId="android.uid.system" in its manifest xml file.

Here is an example app that is signed with platform key and has such field (Chinese website, translate it using Google Translate):

https://www.coolapk.com/apk/tc.mycompany.com.hstopapk

This app (hstopapk) can gain system privilege and disable/freeze any apps without root permission.
 
The signing key of the ROM zip has no effect on ROM security.

Did you try that app? It doesn't work for me on Android 8.x and Android 7.x...
 
The signing key of the ROM zip has no effect on ROM security.

Did you try that app? It doesn't work for me on Android 8.x and Android 7.x...
Thanks a lot for the reply. Yes, I tried that app. It will crash on my EU ROM / Mix2 / latest beta. However, it is stopped by SELinux, not by the package installer.

The problem is that the package can actually be installed into the system, i.e. it passes the signature check. So there is still the possibility that a malicious app can run and gain system privilege.

Normally, such an app should not even be installed in the first place. The stock MIUI ROM will stop such an app from installing.

Here is a Chinese forum discussing this issue. Users on stock ROMs mostly cannot install this example apk; it is rejected by the system.

https://www.v2ex.com/t/446931
 
I just checked the digital signature (CERT.RSA) for "framework-res.apk", and it's the official Xiaomi signature.
The ZIP signature for the ROM has absolutely no relevance to ROM security.
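The check mentioned in this post can be automated. The script below is an added example, not code from the thread or from xiaomi.eu: it reads the first certificate out of an APK's META-INF signature block (the PKCS#7 DER in CERT.RSA), computes its SHA-256 fingerprint, and compares it with a reference PEM certificate. The intended reference is the publicly available AOSP platform certificate (assumed to be platform.x509.pem under build/target/product/security in the AOSP tree; any other PEM works the same way). The minimal DER walker, the function names and the constructed sample blob are all assumptions of the example.

```python
"""Added example: does an APK's v1 signing certificate match a known public key?

Assumptions: the APK (e.g. framework-res.apk from a ROM) carries a DER-encoded
PKCS#7 SignedData block under META-INF/, and the reference certificate is a PEM
file such as AOSP's platform.x509.pem. Not xiaomi.eu code.
"""
import base64
import hashlib
import sys
import zipfile


def der_tlv(tag: int, value: bytes) -> bytes:
    """Encode one DER tag-length-value element (used to build the sample below)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + value


def _read_tlv(buf: bytes, pos: int):
    """Decode the header at buf[pos]; return (tag, value_start, value_length).
    Handles single-byte tags and definite lengths, which is what signapk/apksigner emit."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, pos, length


def _children(buf: bytes, start: int, end: int):
    """Yield (tag, tlv_start, value_start, value_end) for each element in buf[start:end]."""
    pos = start
    while pos < end:
        tag, vstart, length = _read_tlv(buf, pos)
        yield tag, pos, vstart, vstart + length
        pos = vstart + length


def first_certificate_der(pkcs7: bytes) -> bytes:
    """Return the DER bytes of the first certificate inside a PKCS#7 SignedData blob."""
    tag, vstart, length = _read_tlv(pkcs7, 0)
    if tag != 0x30:
        raise ValueError("not a ContentInfo SEQUENCE")
    content = list(_children(pkcs7, vstart, vstart + length))
    # ContentInfo = { contentType OID, [0] EXPLICIT SignedData }
    if len(content) < 2 or content[1][0] != 0xA0:
        raise ValueError("missing [0] EXPLICIT SignedData")
    _, _, sd_start, _ = content[1]
    _, sd_vstart, sd_len = _read_tlv(pkcs7, sd_start)
    fields = list(_children(pkcs7, sd_vstart, sd_vstart + sd_len))
    # SignedData = { version, digestAlgorithms, encapContentInfo, [0] certificates, ... }
    for tag, _, vs, ve in fields[3:]:
        if tag == 0xA0:
            for ctag, cstart, _, cve in _children(pkcs7, vs, ve):
                if ctag == 0x30:  # Certificate is a SEQUENCE
                    return pkcs7[cstart:cve]
    raise ValueError("no certificate in SignedData")


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 of the DER certificate as lowercase hex (same digest apksigner prints)."""
    return hashlib.sha256(cert_der).hexdigest()


def apk_signing_cert_fingerprint(apk) -> str:
    """Fingerprint of the first cert in the APK's META-INF signature block (path or file object)."""
    with zipfile.ZipFile(apk) as z:
        blocks = [n for n in z.namelist()
                  if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        if not blocks:
            raise ValueError("no v1 signature block in APK")
        return cert_fingerprint(first_certificate_der(z.read(blocks[0])))


def pem_cert_fingerprint(pem_text: str) -> str:
    """Fingerprint of a PEM certificate such as AOSP's platform.x509.pem."""
    body = "".join(line for line in pem_text.splitlines() if not line.startswith("-----"))
    return cert_fingerprint(base64.b64decode(body))


def matches_known_key(fingerprint: str, known: set) -> bool:
    """True when the signing certificate is one of the publicly available keys."""
    return fingerprint.lower() in {k.lower() for k in known}


# Constructed sample (not a real certificate): a minimal PKCS#7 wrapper with a dummy
# SEQUENCE placed where the certificate sits, enough to exercise the parser offline.
SAMPLE_CERT = der_tlv(0x30, der_tlv(0x30, b"constructed tbsCertificate") + der_tlv(0x03, b"\x00sig"))
_OID_SIGNED_DATA = der_tlv(0x06, bytes.fromhex("2a864886f70d010702"))  # 1.2.840.113549.1.7.2
_OID_DATA = der_tlv(0x06, bytes.fromhex("2a864886f70d010701"))         # 1.2.840.113549.1.7.1
_SIGNED_DATA = der_tlv(0x30,
                       der_tlv(0x02, b"\x01")          # version
                       + der_tlv(0x31, b"")            # digestAlgorithms (empty in the sample)
                       + der_tlv(0x30, _OID_DATA)      # encapContentInfo
                       + der_tlv(0xA0, SAMPLE_CERT)    # [0] certificates
                       + der_tlv(0x31, b""))           # signerInfos (empty in the sample)
SAMPLE_PKCS7 = der_tlv(0x30, _OID_SIGNED_DATA + der_tlv(0xA0, _SIGNED_DATA))


if __name__ == "__main__":
    # usage: python check_platform_key.py framework-res.apk platform.x509.pem
    apk_fp = apk_signing_cert_fingerprint(sys.argv[1])
    with open(sys.argv[2]) as f:
        ref_fp = pem_cert_fingerprint(f.read())
    print("APK signer SHA-256:", apk_fp)
    print("signed with the reference (public) key:", matches_known_key(apk_fp, {ref_fp}))
```

If the fingerprint of framework-res.apk equals that of the public AOSP platform certificate, the ROM's platform key is public and the installer's signature check no longer distinguishes a third-party APK declaring android.uid.system from a genuine system component; if it equals a vendor certificate (as this post reports for xiaomi.eu), that check holds. The same fingerprint can be read with `apksigner verify --print-certs` for cross-checking.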
 
This is not an issue for our ROM, closing thread down. If any reputable information can be provided to contradict that then I'm sure it can be investigated more.
 