Malicious hackers could exploit flaws in Android for Work to nab sensitive data

One of the pillars of Google’s enterprise-focused “work features in Android platform,” previously called Android for Work, is security. But a newly discovered exploit demonstrated at the RSA conference in San Francisco on February 16 showed how an attacker could view, steal, and even manipulate content on a corporate Android smartphone without tipping off IT administrators.

The flaw, discovered by Yair Amit, chief technology officer of cybersecurity firm Skycure, has to do with the way Android for Work handles “sandboxes,” or protects user profiles. The service operates on the idea of a “work” profile with business-level controls, enterprise applications, corporate email, and secure documents on a smartphone or tablet. This secure profile effectively acts as a separate user, though it shares icon badges and notifications with the personal profile.

This concept of sandboxing — creating a secure container where apps outside the work profile can’t access data inside it — is key to Android for Work’s conceit. But it isn’t bulletproof.

One potential line of attack involves Android’s notifications framework. Incoming Android for Work messages are designated with a red briefcase icon in Android’s notifications window, giving the impression that they remain segregated from those in the personal profile.

But notifications on Android are a device-level permission, meaning apps in the personal profile can potentially manipulate the content of notifications from the work profile. Malicious software could view sensitive incoming work emails, calendar appointments, file attachments, and other messages, for example, and could transmit that information to a remote server.

The second line of attack exploits a flaw in Android’s Accessibility Service, the Android component that provides usability enhancements for impaired users. It necessarily has access to virtually all of Android’s content and controls, making apps that acquire permission to use it particularly dangerous — and difficult to detect. For instance, an app could use Android’s Draw Over Apps feature, which allows apps to lay text and graphics on top of other apps, to trick a user into activating Accessibility Service or Notifications without their knowledge.

That’s not to suggest the attacks can’t be mitigated. Android 6.0 Marshmallow requires users to manually allow apps to create system overlays by changing permissions in the settings menu. And the Notifications attack requires a user to grant extraordinary permissions to an installed app. Still, Amit notes the relative ease of circumventing Android for Work’s sandboxing method by exploiting the “illusion” of security.

“The interesting thing about both of these […] methods of defeating the Android for Work profile separation is that the device and the Android operating system remain operating exactly as designed and intended,” Amit said.

“It is the user who must be tricked into placing the software on the device and activating the appropriate services that allow the malware access to sensitive information. [The] illusion of a secure container […] tends to allow people to let their guard down in the belief that the environment itself is a sufficient security mechanism to protect data.”
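
As an added example (not from the article or from Skycure), here is a defender-side check for the two device-wide grants described above: it parses the values of Android's `enabled_notification_listeners` and `enabled_accessibility_services` secure settings and reports packages that are not on an allow-list. The package names, sample values and allow-list are constructed for illustration.

```python
# Input: values of two Settings.Secure keys, as returned for one user by e.g.
#   adb shell settings get secure enabled_notification_listeners
#   adb shell settings get secure enabled_accessibility_services
# Each value is a colon-separated list of flattened ComponentNames (pkg/class).

def parse_components(value):
    """Return (package, full class name) pairs; unset settings read as 'null'."""
    value = (value or "").strip()
    if value in ("", "null"):
        return []
    out = []
    for item in value.split(":"):
        pkg, sep, cls = item.strip().partition("/")
        if not sep or not pkg:
            continue  # malformed entry, not a ComponentName
        if cls.startswith("."):  # short form: class relative to the package
            cls = pkg + cls
        out.append((pkg, cls))
    return out

def audit(settings, allowed):
    """Map each non-allow-listed package to the grants it holds."""
    findings = {}
    for grant, value in settings.items():
        for pkg, cls in parse_components(value):
            if pkg not in allowed.get(grant, set()):
                findings.setdefault(pkg, {})[grant] = cls
    return findings

# Constructed sample values and allow-list (assumptions, not real device data).
SAMPLE = {
    "enabled_notification_listeners":
        "com.example.launcher/.NotificationListener:"
        "com.example.flashlight/.SyncService",
    "enabled_accessibility_services":
        "com.example.flashlight/com.example.flashlight.HelperService:"
        "com.example.screenreader/.ReaderService",
}
ALLOWED = {
    "enabled_notification_listeners": {"com.example.launcher"},
    "enabled_accessibility_services": {"com.example.screenreader"},
}

if __name__ == "__main__":
    for pkg, grants in audit(SAMPLE, ALLOWED).items():
        level = "HIGH" if len(grants) > 1 else "REVIEW"
        print(level, pkg, sorted(grants))
```

A package that holds both grants, like the constructed `com.example.flashlight` here, can see notification content and screen content across the device, so it is the first one to review.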

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…