With the releases of Android Oreo and Pie, Android introduced background execution limitations for apps. Google restricted the execution of background services to save energy and to prevent apps from running endlessly in the background. Moreover, access to the device's sensors was changed and a new concept named foreground service was introduced. Apps were no longer allowed to run background services in an idle state, preventing apps from using the device's resources like the camera. These limitations, however, would not affect so-called foreground services because they show a permanently visible notification to the user and could therefore be stopped by the user at any time. Our research found that flaws exist in the API that allow invisible foreground services to be started, making the introduced limitations ineffective. We will show that these flaws allow attackers to use foreground services as a tool for spying on users.