{"id":3555,"date":"2017-02-21T13:37:56","date_gmt":"2017-02-21T18:37:56","guid":{"rendered":"https:\/\/solutionsreview.com\/mobile-device-management\/?p=3555"},"modified":"2017-02-21T13:37:56","modified_gmt":"2017-02-21T18:37:56","slug":"new-android-vulnerabilities-could-steal-corporate-data","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/","title":{"rendered":"New Android Vulnerabilities Could Steal Corporate Data"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"3556\" data-permalink=\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/new-android-vulnerabilities-could-steal-corporate-data-2\/\" data-orig-file=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\" data-orig-size=\"800,350\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"New Android Vulnerabilities Could Steal Corporate Data\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-300x131.jpg\" data-large-file=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\" tabindex=\"0\" role=\"button\" class=\"alignleft size-full wp-image-3556\" src=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\" alt=\"New Android Vulnerabilities Could Steal Corporate Data\" width=\"800\" height=\"350\" srcset=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg 800w, https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-300x131.jpg 300w, https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-768x336.jpg 768w, https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-600x263.jpg 600w, https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-180x79.jpg 180w, https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data-400x175.jpg 400w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a>A new pair of Android vulnerabilities were recently discovered, according to the <a href=\"https:\/\/www.skycure.com\/blog\/app-in-the-middle\/\" target=\"_blank\">Skycure.<\/a><\/p>\n<p>The group reported that both vulnerabilities would enable dangerous personal apps to look at, change and even take content that should be securely stored in the Work profile of an Android device.<\/p>\n<p>Google\u2019s work features in Android were produced after the use of personal devices in the workplace began to skyrocket. The goal was to allow a user to create a profile with business-level security, while leaving the original, un-managed personal profile open.<\/p>\n<p>\u201cThe Android mechanism of user separation relies on an additional sandbox or secure container, where apps outside the sandbox cannot access data inside the sandbox,\u201d CTO of Skycure Yair Amit said in a <a href=\"https:\/\/www.skycure.com\/blog\/app-in-the-middle\/\" target=\"_blank\">recent blog post<\/a>. \u201cIn other words, no application installed within the device\u2019s personal profile should have any kind of access to the activity or content in the work profile.\u201d<\/p>\n<p>But vendor Skycure pointed out that two \u2018app-in-the-middle\u2019 attacks could penetrate it.<\/p>\n<p>For example, a malicious app could take actions on notifications, whether work related or not, given that notifications are enabled at the device level. And critical information such as emails could appear in those notifications. The malicious app may also have the power to transmit the information viewed.<\/p>\n<p>What\u2019s even more troublesome is that a hacker may be able to use the method to get to even more crucial data, or \u201cgain even greater access into sensitive work information by initiating a forgot[ten] password process on some enterprise system and hijacking the subsequent on-device notification to grant himself full enterprise access, even outside of the context of the mobile device,\u201d Amit said.<\/p>\n<p>He went on to say, \u201cTo keep this attack covert, the malicious app can immediately dismiss the notification and \u2018archive\u2019 the recovery email using the Android Notifications API so the victim is completely unaware they have been hacked\u2026.The attacker may even capture two-factor authentication and administrators will not have any visibility of the theft.\u201d<\/p>\n<p>The second vulnerability was found in the Accessibility Service, which helps users navigate their devices. While this is helpful, it\u2019s also a risk given that the service needs access to all of the content and controls on the device. This is an easy target for hackers.<\/p>\n<p>\u201cThis app-in-the-middle resides in the personal profile, yet is effective in stealing corporate information as the user interacts with it,\u201d Amit said. \u201cThe personal profile cannot be monitored or controlled from the work profile, so even if IT administrators try to enforce security on the work profile (e.g., by restricting the profile settings or allowing only whitelisted apps) it won\u2019t be possible to detect any exposure of sensitive information that uses the Accessibility Service, as they cannot access the personal profile. In order to perform such an attack, a malicious application would register as an Accessibility Service, present it with an innocent label, and manipulate the user to grant the access.\u201d<\/p>\n<p>Android has classified these threats as \u201cintended behaviors,\u201d so a patch is not expected.<\/p>\n<p>Stay with us for updates should they become available.<\/p>\n<p><span style=\"font-size: 1em\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"speedbump-1\" href=\"https:\/\/solutionsreview.com\/mobile-device-management\/buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"MDM Buyer's Guide\" src=\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2019\/02\/mobility-bg-speedbump.jpg\" alt=\"Download Link to MDM Buyer's Guide\" width=\"800\" height=\"225\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new pair of Android vulnerabilities were recently discovered, according to the Skycure. The group reported that both vulnerabilities would enable dangerous personal apps to look at, change and even take content that should be securely stored in the Work profile of an Android device. Google\u2019s work features in Android were produced after the use [&hellip;]<\/p>\n","protected":false},"author":33,"featured_media":3556,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"footnotes":"","_jetpack_memberships_contains_paid_content":false,"jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[15],"tags":[60,322,24,37,124,227,26,97,151,78,209,186,39,320,321],"jetpack_publicize_connections":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>New Android Vulnerabilities Could Steal Corporate Data - Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/\",\"url\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/\",\"name\":\"New Android Vulnerabilities Could Steal Corporate Data - Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\",\"datePublished\":\"2017-02-21T18:37:56+00:00\",\"dateModified\":\"2017-02-21T18:37:56+00:00\",\"author\":{\"@id\":\"\"},\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg\",\"width\":800,\"height\":350},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/mobile-device-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Android Vulnerabilities Could Steal Corporate Data\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/mobile-device-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/mobile-device-management\/\",\"name\":\"Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms\",\"description\":\"News, Reviews, Buyers Guide and Best Practices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/mobile-device-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"\",\"url\":\"https:\/\/solutionsreview.com\/mobile-device-management\/author\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"New Android Vulnerabilities Could Steal Corporate Data - Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/","twitter_misc":{"Written by":"","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/","url":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/","name":"New Android Vulnerabilities Could Steal Corporate Data - Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms","isPartOf":{"@id":"https:\/\/solutionsreview.com\/mobile-device-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg","datePublished":"2017-02-21T18:37:56+00:00","dateModified":"2017-02-21T18:37:56+00:00","author":{"@id":""},"breadcrumb":{"@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#primaryimage","url":"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg","contentUrl":"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg","width":800,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/mobile-device-management\/new-android-vulnerabilities-could-steal-corporate-data\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/mobile-device-management\/"},{"@type":"ListItem","position":2,"name":"New Android Vulnerabilities Could Steal Corporate Data"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/mobile-device-management\/#website","url":"https:\/\/solutionsreview.com\/mobile-device-management\/","name":"Best Enterprise Mobility Management Vendors, MDM UEM EMM Software and MDM Platforms","description":"News, Reviews, Buyers Guide and Best Practices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/mobile-device-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"","url":"https:\/\/solutionsreview.com\/mobile-device-management\/author\/"}]}},"jetpack_featured_media_url":"https:\/\/solutionsreview.com\/mobile-device-management\/files\/2017\/02\/New-Android-Vulnerabilities-Could-Steal-Corporate-Data.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9z2F4-Vl","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/posts\/3555"}],"collection":[{"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/comments?post=3555"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/posts\/3555\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/media\/3556"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/media?parent=3555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/categories?post=3555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/mobile-device-management\/wp-json\/wp\/v2\/tags?post=3555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}